It's not about the TLS/SSL certificate.
I do have a trusted certificate for localhost, nevertheless the CanvasHttp::InsecureUriError is always thrown.
If you look at the file gems/canvas_http/spec/canvas_http_spec.rb, you'll see these test cases:
expect { CanvasHttp.validate_url('http://127.0.0.1') }.not_to raise_error
expect { CanvasHttp.validate_url('http://127.0.0.1', check_host: true) }.to raise_error(CanvasHttp::InsecureUriError)
So 127.0.0.1 will definitely cause the error when check_host is set to true, but whether https or not simply does not matter.
Unfortunately, CanvasHttp::get calls CanvasHttp::request, which in turn calls CanvasHttp::validate_url, and check_host: true is hard coded there so I had no choice but to intrusively modify the code. Also, you can see http.verify_mode = OpenSSL::SSL::VERIFY_NONE hard coded in the implementation of CanvasHttp::request (in the file gems/canvas_http/lib/canvas_http.rb), so whether the TLS/SSL certificate is trusted or not doesn't matter either. My concern is that CanvasHttp is used in many places in many source files. My modification to the code may break the existing code.
