How to securely test local/staging HTTPS project
Modern projects often support HTTPS and HTTP/2, moreover they can use
Content-Security-Policy: headers which result in different behaviour for HTTP and HTTPS versions, or
even completely forbid HTTP version. To develop and test such project locally, on CI, and at staging server
we either have to provide a way to access it using HTTP in non-production environments (bad idea) or
somehow make it work with HTTPS everywhere.
HTTP in non-production environments is a bad idea because we'll test not the same thing which will runs on production, and because there is a chance to occasionally keep HTTP enabled on production too.