I've encountered a similar issue on the latest macOS (14.5). Interestingly, non-root users can bind to the HTTPS port (443) on any public address, including 127.0.0.1, but cannot bind solely to the private address 127.0.0.1.
In reality, we don't want our local development environment exposed to the public, as it poses a security risk of unexpected access.
So, the ideal behavior is that non-root users can only bind to localhost and not to public addresses. However, since Apple has already opened up binding to public addresses, I think it's better to allow binding solely to localhost as well.
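
An added example, not part of the comment above: one way to check a development machine for listeners that are reachable beyond loopback, which is the exposure the comment is concerned about. It parses the output of `lsof -nP -iTCP -sTCP:LISTEN`; the sample lines are constructed and the function names are illustrative.

```python
import ipaddress

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from a real host).
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
node     4101 dev    23u  IPv4 0xa1b2c3d4e5f60001      0t0  TCP *:443 (LISTEN)
caddy    4102 dev     7u  IPv6 0xa1b2c3d4e5f60002      0t0  TCP [::1]:8443 (LISTEN)
python3  4103 dev     4u  IPv4 0xa1b2c3d4e5f60003      0t0  TCP 127.0.0.1:8000 (LISTEN)
nginx    4104 dev     6u  IPv4 0xa1b2c3d4e5f60004      0t0  TCP 192.168.1.20:8080 (LISTEN)
"""


def classify(host):
    """Return 'loopback', 'wildcard' or 'specific' for an lsof host field."""
    if host == "*":
        return "wildcard"
    ip = ipaddress.ip_address(host.strip("[]"))
    if ip.is_loopback:
        return "loopback"
    return "wildcard" if ip.is_unspecified else "specific"


def exposed_listeners(lsof_text):
    """List (command, pid, port, scope) for listeners reachable beyond loopback."""
    findings = []
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue  # header line or a socket that is not listening
        host, _, port = fields[-2].rpartition(":")
        try:
            scope = classify(host)
        except ValueError:
            scope = "specific"  # unparsable host: report it rather than hide it
        if scope != "loopback":
            findings.append((fields[0], int(fields[1]), int(port), scope))
    return findings


if __name__ == "__main__":
    for command, pid, port, scope in exposed_listeners(SAMPLE_LSOF):
        print(f"{command} (pid {pid}) listens on port {port} [{scope}]")
```

A `wildcard` result means the socket accepts connections on every interface, so a firewall rule or a loopback-only bind address in the server's configuration is what keeps it off the network.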