In Chrome 60, they added a feature that disables crypto.subtle for non-TLS connections. Our product needs to run a local server and forward some secure
In Chrome 60, they added a feature that disables crypto.subtle for non-TLS connections
Not exactly, crypto.subtle has been disabled for non-secure origins since the first supported version (Chrome 32?).
But localhost is considered a secure origin: https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features
“Secure origins” are origins that match at least one of the following (scheme, host, port) patterns:
(https, *, *)
(wss, *, *)
(*, localhost, *)
(*, 127/8, *)
(*, ::1/128, *)
(file, *, —)
(chrome-extension, *, —)
So you should be able to use the Web Cryptography API on http://localhost.
Are you using HTTPS for your site? It could be that you had a problem related to mixing HTTPS and HTTP. Chrome will block the HTTP connection to localhost. Then you could generate a self-signed certificate for 127.0.0.1 and launch your local server with HTTPS (similar to @SLaks's answer, but you will not need a hosts entry).
You should make a CNAME or hosts entry that points a valid domain at 127.0.0.1, then get a (perhaps self-signed) certificate for that domain.
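
The secure-origin patterns quoted in the first answer, as a small classifier (an added example, not part of either answer and not Chromium's code). It implements only the patterns listed on this page; the function name `isSecureOrigin` and the sample URLs are constructed for illustration. It also shows why a hosts entry pointing a domain at 127.0.0.1 still needs a certificate: the match is on the host name in the URL, not on the address it resolves to.

```javascript
// Classify a URL against the (scheme, host, port) patterns quoted above.
// Hypothetical helper; the port is a wildcard in every pattern, so it is ignored.
function isSecureOrigin(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // unparsable input is never treated as secure
  }
  const scheme = url.protocol.replace(/:$/, '');
  // URL.hostname keeps the brackets on IPv6 literals; strip them.
  const host = url.hostname.replace(/^\[|\]$/g, '').toLowerCase();

  // Scheme-only patterns: https, wss, file, chrome-extension.
  if (['https', 'wss', 'file', 'chrome-extension'].includes(scheme)) return true;
  // (*, localhost, *): the exact name, not a domain that merely starts with it.
  if (host === 'localhost') return true;
  // (*, 127/8, *): any address in the IPv4 loopback block.
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (m && m.slice(1).every((octet) => Number(octet) <= 255)) return true;
  // (*, ::1/128, *): the single IPv6 loopback address.
  if (host === '::1') return true;
  return false;
}

// Constructed sample inputs.
const SAMPLES = [
  'http://localhost:3000/',        // secure: localhost pattern
  'http://127.0.0.1:8080/',        // secure: 127/8 pattern
  'http://[::1]:9000/',            // secure: ::1 pattern
  'https://app.example.test/',     // secure: https scheme
  'http://app.example.test:8080/', // not secure, even if hosts maps it to 127.0.0.1
  'http://localhost.example.test/' // not secure: host is not exactly "localhost"
];

for (const sample of SAMPLES) {
  console.log(isSecureOrigin(sample) ? 'secure    ' : 'not secure', sample);
}

// In a page, the browser's own verdict is available as window.isSecureContext,
// and crypto.subtle is only defined when that verdict is true.
```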