These tend to manifest themselves when you have mixed content on the page or you're using CORS. For CORS the issues can surface due to running different rules for dev vs prod/stg.
localhost gives you a different security context in your browser than using a full domain name. Typically to use a full domain name locally you'd either need to mess with /etc/hosts (which can bite you later) or mess with DNS. lcl.host just makes things work out of the box.
Let me add a bit of clarification here, since you specifically asked about https://localhost
Using http with localhost is a mostly security context, but it has some quirks[0]. Using https://localhost will give you the full security context but then you're typically stuck either dealing with certs manually or using a proxy, like caddy. lcl.host should simplify your setup.
We're big fans of caddy by the way and even sponsor the project. Matt's doing amazing work over there.
