How to Avoid Chrome Security Issues Developing Office Add-in Hosted on localhost
When developing add-ins for Office you are often serving the add-in from a local web server on a URL using the host name “localhost”. Office add-ins also require the web server to use SSL to serve the resources for the add-in. The Chrome security implementation will fire off a security error under most common development scenarios. This is when the domain of the SSL certificate does not match “localhost”.
You will see this problem manifest itself by causing your add-in to not start and show an error stating:
“Add-in Error Something went wrong and we couldn’t start this add-in. Please try again later or contact your system administrator”
If you have the Developer Tools window open in Chrome you will see error messages getting output with the text:
There is a relatively easy workaround to this problem that you can implement on your development machine to allow Chrome to bypass this certificate check on URLs served from “localhost”.
Type the following into the Chrome browser URL bar:
Enable the option:
“Allow invalid certificates for resources loaded from localhost. Mac, Windows, Linux, Chrome OS, Android
Allows requests to localhost over HTTPS even when an invalid certificate is presented.”
After making this change you will need to restart Chrome.