2

Many features of the web are not supported when in insecure contexts.

For example the crypto.subtle API is undefined if not running over https.

I had been developing over localhost and there is an exception here where the context is still considered secure, and everything was working fine.

However, now I am testing on my mobile device which means I am now connecting to 192.168.1.xxx from my computer. Because of this, it is no longer a secure context, and I have lost access to certain APIs that I need.

How can I fix this? How can I test my application on my mobile device using my computer's IP address, with access to APIs that are only available in secure contexts?

David Callanan
  • 5,601
  • 7
  • 63
  • 105

2 Answers2

2

You could create a self-signed certificate for your development server, and then explicitly bypass the SSL error:

enter image description here

Guerric P
  • 30,447
  • 6
  • 48
  • 86
0

Sign up for dynamic DNS service with a dynamic DNS provider that is on the Public Suffix List and supports updating TXT records through an API. Then use ACME client software, such as Certbot or Dehydrated, to obtain a certificate from Let's Encrypt for that server.

  • Being on the Public Suffix List is important because Let's Encrypt, a widely used automated certificate authority (CA), uses the Public Suffix List to distinguish different sites from different subdomains of a single site.
  • TXT records are important because it lets an ACME client use the DNS challenge. The client places a value chosen by the CA in a TXT record on the domain to prove the user's control of the domain name to the CA. This avoids having to open an inbound port from the Internet, which can prove impossible in places where ISPs typically use carrier-grade network address translation (CGNAT) to put an entire neighborhood behind one public IP address.

As of this writing, Duck DNS is one such provider. I am not affiliated with this organization.

Damian Yerrick
  • 4,602
  • 2
  • 26
  • 64