New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Library requires https on localhost in development #30

Open

tenor-dev opened this issue Aug 19, 2022 · 1 comment

tenor-dev commented Aug 19, 2022

To make development with the library easier, it should allow http://localhost:XXX or provide an option to disable https check.

Member

taneltm commented Nov 10, 2022

I agree, it would make development and testing easier.

Both the library and the extension check for Secure Context, which makes an exception for locally-delivered resources.

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

However, web-eid-app does not allow http://localhost and exits with ERR_WEBEID_NATIVE_FATAL.

origin scheme has to be https or wss in src/controller/command-handlers/certificatereader.cpp:134:validateAndStoreOrigin

As I see it, we could solve it in two ways:

Change web-eid-app to allows local origins without HTTPS
Make the extension lie about the origin in DEBUG mode and provide https://debug.localhost as the origin to web-eid-app.

As a workaround, you can edit /web-eid-webextension/src/content/content.ts and replace all instances of event.origin with "https://localhost".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment