Stack Overflow
Stack Overflow

Questions tagged [secure-context]

Use this tag when you see a message in the browser devtools console mentioning "secure context” and you want to know if it’s possible to eliminate the error. Also for other questions on secure contexts, as defined in the Secure Context specification.

30 questions
30
votes
3 answers

In android's Google Chrome, how to set unsafely-treat-insecure-origin-as-secure

I'm using getUserMedia() in my web app which works fine when I test my app on localhost. But if I treat my laptop as server and launch app in Google Chrome browser of my android phone, it gives me the error: getUserMedia() no longer works on…
Developer
  • 695
  • 2
  • 8
  • 17
18
votes
2 answers

Enable HTTP Geolocation For Local Firefox Debugging

"A Geolocation request can only be fulfilled in a secure context" Its great that HTTPS is needed for geolocation but I need to debug on insecure local server before it makes it to live. I was hoping I could edit Firefoxes 'about:config' to disable…
BFalcon
  • 331
  • 1
  • 3
  • 10
8
votes
2 answers

Is there an equivalent of "Insecure origins treated as secure" of Chrome flag in Firefox?

I am using "Insecure origins treated as secure" flag in Chrome for development purposes and I have added some websites like http://myWebsite:port. It works great in Chrome. Now I need the same feature in Firefox but cannot find it. Is it possible to…
Reza
  • 3,473
  • 4
  • 35
  • 54
8
votes
1 answer

Mixed-content request from HTTPS page to HTTP (non-HTTPS) localhost address not blocked

Suppose the page below is loaded from https://127.0.100.1. The page makes an XMLHttpRequest to http://127.0.100.2. This seems like mixed content: The page is loaded over a secure connection and a resource is loaded over an insecure connection.…
user2768
  • 794
  • 8
  • 31
8
votes
2 answers

Self signed certificate only works with localhost, not 127.0.0.1

I'm trying to generate a self-signed certificate such that my local development environment uses HTTPS, but I'm having some trouble. The reason for this is that I want to test push notifications on my phone through my local network (through my local…
Ryan Peschel
  • 11,087
  • 19
  • 74
  • 136
8
votes
2 answers

Web Crypto API without ssl

I wrote a little webapp for secure message transfer to learn more about encryption, and wanted to show it to my friends and let them play with it a little, so I hosted it on my little server, and was shocked to find that the Web Crypto API (which I…
Nicolai Veliki
  • 139
  • 1
  • 5
5
votes
1 answer

How to handle web apps requiring secure context in intranets?

I have a web application that will be used by customers in intranets. It uses features that require a secure context, such as getUserMedia. What is the best practice for this these days? Customers will have little technical knowledge and the app may…
brunobg
  • 786
  • 6
  • 27
5
votes
2 answers

A Geolocation request can only be fulfilled in a secure context

I am using HTML5 Geolocation feature. My code is well running in 'localhost' but problem in 'subdomain' .My code below: if (navigator.geolocation) { navigator.geolocation.getCurrentPosition(showPosition, showError); } else { …
Zahid
  • 470
  • 1
  • 3
  • 15
5
votes
1 answer

How to access an insecure websocket from a secure website?

TL;DR: A website is served over HTTPS and needs to access a WebSockets server over an unencrypted channel (ws:// url). The browser doesn't like this. Encrypting the websocket is possible, but inconvenient - there is no trusted authority which could…
Vilx-
  • 104,512
  • 87
  • 279
  • 422
4
votes
1 answer

Chrome - Password/Credit Card input within an iFrame

I am using an iFrame which is hosted on another domain that has an SSL certificate. On the page where the iFrame is used I get 'Not Secure' message next to the domain in Google Chrome and the following warning in the console log: This page includes…
nsilva
  • 5,184
  • 16
  • 66
  • 108
3
votes
1 answer

Can Firefox 76 be forced to consider .localhost subdomains as Secure Context without tls?

We are using .localhost domains for development of our applications, and we have multiple applications living at different domains. We are at point where we need to test features requiring pages to execute in Secure Context, i.e. Service Workers and…
OhJeez
  • 2,774
  • 2
  • 14
  • 18
3
votes
1 answer

Redirect from HTTP to HTTPS using node.js/Express

Is there any way I can change my web app to listen on HTTPS instead of HTTP. I'm using node.js/express. I need it to listen on HTTPS because I'm using geolocation, which Chrome no longer supports unless being served from a secure context such as…
user11104077
3
votes
2 answers

Google Chrome's "secure context" on a LAN?

Chromium doesn't allow a website to access a user's camera unless the page is hosted in a "secure context". Usually that means a web server that has a valid TLS (HTTP) certificate, but there's also an exception for localhost. I'm working on an app…
jes5199
  • 18,324
  • 12
  • 36
  • 40
3
votes
2 answers

Difference in window.location.protocol and window.isSecureContext?

In JavaScript you can check whether the url/website accessed is over Http or Https, via 2 ways window.location.protocol which returns http: or https: window.isSecureContext which returns true for https and false for http. I know that…
GetGimphed
  • 45
  • 8
2
votes
2 answers

Make local network IP a secure context?

Many features of the web are not supported when in insecure contexts. For example the crypto.subtle API is undefined if not running over https. I had been developing over localhost and there is an exception here where the context is still considered…
David Callanan
  • 5,601
  • 7
  • 63
  • 105
1
2