diff --git a/.env.example b/.env.example
index 2b0507c7..a664acb7 100644
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,7 @@ RAILS_ENV=
 IMAP_SERVER=
 DEFAULT_FROM=
 SKEL_SUTTY=https://0xacab.org/sutty/skel.sutty.nl
+# XXX: Si cambiás esta variable, tenés que editar config/webpacker.yml también :(
 SUTTY=sutty.local
 SUTTY_WITH_PORT=sutty.local:3000
 REDIS_SERVER=
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 6aebb6bd..91d287e0 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -17,10 +17,11 @@ Rails.application.config.content_security_policy do |policy|
   policy.img_src     :self, :data, :https, :blob
   # Ya no usamos applets!
   policy.object_src  :none
+  # webpack-dev-server
   if Rails.env.development?
     policy.connect_src :self,
-                       'http://localhost:3035',
-                       'ws://localhost:3035'
+                       "https://#{ENV.fetch('SUTTY', 'sutty.local')}:3035",
+                       "wss://#{ENV.fetch('SUTTY', 'sutty.local')}:3035"
   end
 
   # Specify URI for violation reports
diff --git a/config/webpacker.yml b/config/webpacker.yml
index de6ca708..b19ab110 100644
--- a/config/webpacker.yml
+++ b/config/webpacker.yml
@@ -53,10 +53,13 @@ development:
 
   # Reference: https://webpack.js.org/configuration/dev-server/
   dev_server:
-    https: true
-    host: <%= ENV.fetch('SUTTY', 'localhost') %>
+    https:
+      key: '../sutty.local/domain/sutty.local.key'
+      cert: '../sutty.local/domain/sutty.local.crt'
+    # XXX: esto está hardcodeado, debería conseguirlo del ENV
+    host: sutty.local
     port: 3035
-    public: <%= ENV.fetch('SUTTY', 'localhost') %>:3035
+    public: sutty.local:3035
     hmr: false
     # Inline should be set to true if using HMR
     inline: true