New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Library requires https on localhost in development #30

Open

tenor-dev opened this issue Aug 19, 2022 · 2 comments

tenor-dev commented Aug 19, 2022

To make development with the library easier, it should allow http://localhost:XXX or provide an option to disable https check.

Member

taneltm commented Nov 10, 2022

I agree, it would make development and testing easier.

Both the library and the extension check for Secure Context, which makes an exception for locally-delivered resources.

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

However, web-eid-app does not allow http://localhost and exits with ERR_WEBEID_NATIVE_FATAL.

origin scheme has to be https or wss in src/controller/command-handlers/certificatereader.cpp:134:validateAndStoreOrigin

As I see it, we could solve it in two ways:

Change web-eid-app to allows local origins without HTTPS
Make the extension lie about the origin in DEBUG mode and provide https://debug.localhost as the origin to web-eid-app.

As a workaround, you can edit /web-eid-webextension/src/content/content.ts and replace all instances of event.origin with "https://localhost".

Member

taneltm commented Jan 30, 2025

@tenor-dev , I'm sorry it took so long, but we finally have an open PR web-eid/web-eid-webextension#79 which will give you an option to use http://localhost.
This feature is planned for the next extension release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment