secure-context

问题 TL;DR: A website is served over HTTPS and needs to access a WebSockets server over an unencrypted channel (ws:// url). The browser doesn't like this. Encrypting the websocket is possible, but inconvenient - there is no trusted authority which could sign the certificate and thus it will be needed to manually install it for every client. I'd like to leave that as the last resort. The website must be served over HTTPS and cannot be downgraded to HTTP. Is there any other way to bypass this

问题 TL;DR: A website is served over HTTPS and needs to access a WebSockets server over an unencrypted channel (ws:// url). The browser doesn't like this. Encrypting the websocket is possible, but inconvenient - there is no trusted authority which could sign the certificate and thus it will be needed to manually install it for every client. I'd like to leave that as the last resort. The website must be served over HTTPS and cannot be downgraded to HTTP. Is there any other way to bypass this

问题 Is there any way I can change my web app to listen on HTTPS instead of HTTP. I'm using node.js/express. I need it to listen on HTTPS because I'm using geolocation, which Chrome no longer supports unless being served from a secure context such as HTTPS. This is the current './bin/www' file which currently listens on HTTP. #!/usr/bin/env node var app = require('../app'); var debug = require('debug')('myapp:server'); var http = require('http'); var port = normalizePort(process.env.PORT || '9494'

问题 Is there any way I can change my web app to listen on HTTPS instead of HTTP. I'm using node.js/express. I need it to listen on HTTPS because I'm using geolocation, which Chrome no longer supports unless being served from a secure context such as HTTPS. This is the current './bin/www' file which currently listens on HTTP. #!/usr/bin/env node var app = require('../app'); var debug = require('debug')('myapp:server'); var http = require('http'); var port = normalizePort(process.env.PORT || '9494'

问题 Is there any way I can change my web app to listen on HTTPS instead of HTTP. I'm using node.js/express. I need it to listen on HTTPS because I'm using geolocation, which Chrome no longer supports unless being served from a secure context such as HTTPS. This is the current './bin/www' file which currently listens on HTTP. #!/usr/bin/env node var app = require('../app'); var debug = require('debug')('myapp:server'); var http = require('http'); var port = normalizePort(process.env.PORT || '9494'

问题 Is there any way I can change my web app to listen on HTTPS instead of HTTP. I'm using node.js/express. I need it to listen on HTTPS because I'm using geolocation, which Chrome no longer supports unless being served from a secure context such as HTTPS. This is the current './bin/www' file which currently listens on HTTP. #!/usr/bin/env node var app = require('../app'); var debug = require('debug')('myapp:server'); var http = require('http'); var port = normalizePort(process.env.PORT || '9494'

问题 We are using .localhost domains for development of our applications, and we have multiple applications living at different domains. We are at point where we need to test features requiring pages to execute in Secure Context, i.e. Service Workers and Push API. Google Chrome for a past few versions has been marking all sites coming from .localhost domain as Secure Context, allowing local, hassle-free testing of Service Workers, Push API, etc. I cannot find a way to force Firefox 76 to consider

问题 We are using .localhost domains for development of our applications, and we have multiple applications living at different domains. We are at point where we need to test features requiring pages to execute in Secure Context, i.e. Service Workers and Push API. Google Chrome for a past few versions has been marking all sites coming from .localhost domain as Secure Context, allowing local, hassle-free testing of Service Workers, Push API, etc. I cannot find a way to force Firefox 76 to consider

问题 Suppose the page below is loaded from https://127.0.100.1 . The page makes an XMLHttpRequest to http://127.0.100.2 . This seems like mixed content : The page is loaded over a secure connection and a resource is loaded over an insecure connection. Mixed content should be blocked by the browser. Yet, the page below works just fine.* Why does it work: Why isn't the request blocked? Update: Going beyond the accepted answer, browsers can be configured to block mixed content for such addresses. *

问题 Suppose the page below is loaded from https://127.0.100.1 . The page makes an XMLHttpRequest to http://127.0.100.2 . This seems like mixed content : The page is loaded over a secure connection and a resource is loaded over an insecure connection. Mixed content should be blocked by the browser. Yet, the page below works just fine.* Why does it work: Why isn't the request blocked? Update: Going beyond the accepted answer, browsers can be configured to block mixed content for such addresses. *