Do not require wss when target host is loopback address #129
Comments
|
See |
|
Hey! Please see #116 for reasoning behind and https://github.com/libp2p/js-libp2p-websockets/releases/tag/v0.15.0 on how you should configure libp2p for testing (some Doing what you suggest will basically move us to the same problem we had in the past. Peers advertise their loopback addresses (and we cannot control this), which means we will attempt to dial them using websockets and all the errors in the browser will be back. Do you have an alternative solution in mind to work around this? IMHO I agree that needing to do the configuration linked above is annoying and also adds the need to add the filter for local testing/Development (we have this in the docs/examples), but in a production environment such dials should not happen. |
This line makes dialling a local node from a webworker or browser over websockets impossible without also setting up WSS which makes writing tests for things a whole lot harder.
This check should be relaxed as the browser will allow regular WS connections to loopback addresses without requiring SSL, since traffic cannot be snooped on by malicious third parties when it does not leave the host machine. Other processes on your computer may snoop, but if that's happening you are already compromised.
The text was updated successfully, but these errors were encountered: