-
-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
For local dev, post-install self-signed cert for HTTPS (via BrowserSync hopefully) #1804
Comments
Although Additionally, when testing a WebVR site (without ngrok/localtunnel/self-signed HTTPS), any WebVR site loaded in Chrome for Daydream injects a "This site is not secure" window that persists directly in front of you in VR (for the entire duration of the VR session); it's really the worst. Unfortunately, when serving over a non-secure origin, most browsers won't let you use APIs such as Service Workers, I've looked at several projects/boilerplate/starter kits; unfortunately, most of them have quite convoluted instructions for setting up HTTPS (because it's intentionally difficult to generate self-signed certs [especially wildcard ones] and get the browser + OS to accept them, especially on macOS). Possible solutions that come to mind:
|
OK. I had a section on ngrok in the School, and I can add it to the Getting Started some time. Since the entry point is starting to be more and more Glitch, that will help as well. |
awesome - thanks! 👍 also, great work on the Glitch boilerplates. very excited to be able to do more development from my Chromebook. 💻 😺 |
You can also use your homepage on Keybase |
In order to use "powerful APIs," your site must be served from a "secure origin" - that is, be served over TLS or
http://localhost:*
/http://127.0.*.*
(see [this](https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and [this]%28https://w3c.github.io/webappsec-secure-contexts/%29 and [this]%28immersive-web/webxr#60, etc. for more context).It's worth noting that WebVR is not a "powerful API" just yet, but already today some APIs such as are already a hassle to use (door-hanger permission prompts spamming on every API request/page load in Firefox or disabled in Chrome). Example:
navigator.getUserMedia
with Firefox over HTTP won't persist the "allowed" notification (only for HTTPS), and the API is already outright deprecated for external IPs/non-HTTPS origins in Chrome.There's an easy way to create a self-signed cert from an
npm command
: https://github.com/cvan/webvr-holodeck/blob/6581527/package.json#L9It's worth noting that
budo
offers this out of the box now: https://github.com/mattdesl/budo/blob/master/CHANGELOG.md#900Relevant to issue #1277, which is being handled in PR #1671… also good news is that BrowserSync also already supports HTTPS out of the box (just set
https: true
in the options). (And here's the relevant script: https://github.com/BrowserSync/browser-sync/blob/master/lib/server/certs/gen.sh)The text was updated successfully, but these errors were encountered: