UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

Steps to reproduce the problem:
1. Spin up local server on port 1234 that serves a js file called mixed-content-localhost.js
2. Open this URL https://output.jsbin.com/wucaneh/1/quiet
3. Check console 

What is the expected behavior?
To me I should have to explicitly click the the shield icon in the address bar to allow mixed content to load on the page.

What went wrong?
Chrome 63 only 127.0.0.1 worked, chrome 64+ localhost works now too. I checked the chromium source code and I can't see any change since 2016 in your MixedContentChecker.cpp file.

This behaviour seems fairly inconsistent in browsers: 
- firefox latest : 127.0.0.1 works but localhost is blocked
- safari latest (high sierra): All scripts are blocked
- IE11: All scripts a re blocked
- Edge 17: All scripts are blocked

I couldn't find any changelog notes about what might have changed between v63 and v64.

Did this work before? N/A 

Chrome version: 67.0.3396.99  Channel: stable
OS Version: OS X 10.13.1
Flash Version: