Is there a reason why HTTP MCP connectors are not allowed for localhost?

I tried to create an MCP server for one of our tools and stumbled upon an issue.

I’m testing my tool locally and I don’t have a trusted certificate for the localhost. But ChatGPT refused to add a localhost IP tool with HTTP, because it is insecure.

And even the Let's Encrypt website says:

Fortunately, modern browsers consider http://127.0.0.1:8000/ to be a “potentially trustworthy” URL because it refers to a loopback address. Traffic sent to 127.0.0.1 is guaranteed not to leave your machine, and so is considered automatically secure against network interception.

So, my question is - how come? And would developers consider changing this?

I understand that there are some hacky workarounds for that, but it feels like an unnecessary headache for a developer.

You can use a free HTTPS tunnel to your localhost from Cloudflare to connect ChatGPT to a local MCP server. Even if it's local, it expects a secure connection. Cloudflare provides the certificate for you.

Thank you! But as I mentioned above, I understand that there are workarounds for the situation. My question is why this restriction was introduced?

It's one of these stupid safety guard architectures where they want all API originating from ChatGPT or OpenAI to be HTTPS based. If you have your own domain though, you could create your own certification for HTTPS and use a localhost with it.

The Cloudflare tunnel is free though… they just do the certification and tunnel it forward, offering HTTPS.