0

I was wondering what the best way to send data from an HTTPS webpage loaded in a browser to a server running on localhost would be. Currently I have a solution that works with both HTTP and HTTPS pages, but with HTTPS pages the browser will output a Mixed Content warning (as it should). This can be bypassed by changing browser settings, but I'd rather not have users do that. This is my JavaScript that is loaded in the browser through a bookmark (not really sure if this is the best way to do it, but it's browser independent):

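    function sendLocalPOST(player, song) {
        // Plain-HTTP loopback endpoint; on an HTTPS page this is what triggers the Mixed Content warning
        var url = "http://localhost:13337/";

        $.ajax({
            type: "POST",
            crossDomain: true, // jQuery's option name is camelCase
            contentType: "application/json; charset=utf-8",
            url: url,
            dataType: "json",
            data: { 'player': player, 'song': song },
            success: function (data) {
            }
        });
    }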

and here are some important snippets from the C# server code:

    public WebAppHandler()
    {
        // Other non-important stuff
        listener = new HttpListener();
        listener.Prefixes.Add("http://localhost:13337/");
    }

    public void pollForSongChanges()
    {
        try
        {
            listener.Start();
        }
        catch (HttpListenerException)
        {
            return;
        }
        while (listener.IsListening)
        {
            var context = listener.GetContext();
            ProcessRequest(context);
        }
        listener.Close();
    }

    public void start()
    {
        pr = new Thread(new ThreadStart(pollForSongChanges));
        pr.Start();
    }

There's another question that I saw on Stack Overflow that has a great answer (the accepted one), that requires you to bind an SSL certificate to your application, but does that mean I have to get an actual trusted SSL certificate for a localhost server in order to have it work out-of-the-box on other computers?

Maybe I'm going about this all wrong, just wondering if there is a better way. Thanks for any answers.

@AlexeiLevenkov, do you mean something like this:

    function postToIframe(data) {
        var url = "http://localhost:13337/";
        var target = "npiframe";

        // Set attributes through jQuery so names and values are escaped
        // instead of being concatenated into an HTML string
        var form = $('<form>', { action: url, method: 'post', target: target, id: 'postToIframe' });
        $.each(data, function (n, v) {
            form.append($('<input>', { type: 'hidden', name: n, value: v }));
        });
        form.appendTo('body').submit().remove();
    }
pendo324
  • Side note: I assume you know that regular FORM posts don't have same origin policy and have some reasons to use ajax. Still may deserve edit to clarify what would/would not work in your case. – Alexei Levenkov Jul 08 '15 at 23:20

2 Answers

0

Basically, you can't do this, because it is hacking.

But if you can modify the client's hosts file, then route localhost to 'yourdomain.com' and generate an SSL certificate for 'yourdomain.com'.

Or you can make a proxy server (https://targetdomain.com to http://localhost) on the localhost server.

윤진수
0

There is no way to get a certificate for localhost, since the hostname localhost is not owned by yourself. But you can get a certificate for foo.example.com if you own example.com, and it does not matter which IP foo.example.com resolves to. Thus a common workaround used by Spotify and others is to have a certificate for their own hostname, but with the DNS entry pointing to 127.0.0.1.

But, unknown to most, this only works if the user does not use a web proxy. When using a proxy, the name will only be resolved at the proxy, so it effectively means that it tries to connect to localhost from the view of the proxy, i.e. the proxy itself.

In summary: working with resources from localhost will not work fully. From a security perspective your web application has no control over what is really running on localhost, so trusting anything from localhost by including it into your page is a bad idea anyway. This is the same as if you included a file:// from the user's system into your application.

Steffen Ullrich
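
The trust problem described in the last answer also runs the other way: as the comment on the question notes, plain form posts are not restricted by the same-origin policy, so any page the user opens can post to `http://localhost:13337/`. The following is an added example, not code from the question or either answer, of a check the listener could apply before handling a request; `decide`, `ALLOWED_ORIGINS` and the `player.example.com` origin are assumptions made for illustration.

```javascript
// Added example; names and sample origins are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://player.example.com"]);

// Exact string match: browsers send Origin as scheme://host[:port], so
// substring or suffix tests (which accept look-alike hosts) are not needed.
function originAllowed(headers) {
  const origin = headers["origin"];
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin) ? origin : null;
}

// Decide how the loopback listener answers one request.
// `headers` uses lower-case names, as Node's http module provides them.
function decide(method, headers) {
  const origin = originAllowed(headers);
  if (origin === null) {
    // Covers a missing header, the opaque "null" origin and unlisted sites.
    return { status: 403, headers: {} };
  }
  const cors = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (method === "OPTIONS") {
    // CORS preflight, sent because the content type is application/json.
    return {
      status: 204,
      headers: Object.assign({
        "Access-Control-Allow-Methods": "POST",
        "Access-Control-Allow-Headers": "Content-Type",
      }, cors),
    };
  }
  if (method !== "POST") return { status: 405, headers: cors };
  const type = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  // Form posts arrive as urlencoded, multipart or text/plain without a
  // preflight; refusing them means only preflighted JSON reaches the handler.
  if (type !== "application/json") return { status: 415, headers: cors };
  return { status: 200, headers: cors };
}
```

The same decision logic carries over to the C# `HttpListener` by reading `context.Request.Headers["Origin"]` and `context.Request.ContentType` inside `ProcessRequest`.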