-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crypto.subtle is available only in secure contexts (HTTPS) #1550
Comments
While working in a local dev environment, You can also activate // vue.config.js
module.exports = {
devServer: {
...
host: '0.0.0.0',
https: true,
...
}
} |
@Badisi Correct but if you got multiple server like keycloak oidc running on your local enviroment and mobile device emulator for developing web apps (android studio) you are forced to use hostnames or ips. Activating https results into mixed-content cause e.g. keycloak isnt running on https. |
There is no way going back. We are using browser built-in modules as much as possible. If you control you network you might can use development only proxy and handle what you need there... You can still use v2.4.0 of this library, which does not use |
I can fully understand why system components are favoured. However, it's just interesting that similarly sized/larger ones take a different path |
This is similar to our use case. To the point 'using http://localhost as the redirect should be fine', this is actually more insecure than the using IP. |
I am currently working on a Vue WebApp (+ Capacitor) and would like to develop in the private network, but I always get the following error message: "Crypto.subtle is available only in secure contexts (HTTPS).": It occurs as soon as I am redirected back from e.g. paypal in the web browser or with capacitor as soon as I click on the login button. My redirect_uri is http://:.
The security mechanism specifies that you should be in the protected network, which can be done by certificates etc. but is very time-consuming (especially since this is not necessary for almost all other oidc clients). It would be nice to switch off this feature for the develop operation by e.g. a parameter.
The text was updated successfully, but these errors were encountered: