v4.104.0 code-server(latest) extensions can not use

[HappyToSummer]

Is there an existing issue for this?

• I have searched the existing issues

OS/Web Information

code-server: v4.104.0
Code: 1.104.0
Commit: ba774d9
Date: 2025-09-12T20:46:01.847Z (5 days ago)
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0
docker-images :lastest "sha256:c332e472e1ea1070d255281fc95e81177bcaa5ab59f4a6e27f6f0c928be11acc"

Steps to Reproduce

When I deploy HTTPS access, Chrome and Edge encounter this issue,
code-server is being accessed in an insecure context. Web views, the clipboard, and other functionality may not work as expected.

but Firefox can load plugins normally without any error messages. How can I handle this? Chrome browser does not have any browser plugins

Expected

left is Edge,right is firefox

Actual

this is my config.yaml

bind-addr: 0.0.0.0:8080 auth: password password: 7562bdbcd4a927ef0c050e66 cert: /config/.config/code-server/cert.pem cert-key: /config/.config/code-server/key.pem

Logs

Screenshot/Video

No response

Does this bug reproduce in native VS Code?

Yes, this is also broken in native VS Code

Does this bug reproduce in GitHub Codespaces?

Yes, this is also broken in GitHub Codespaces

Are you accessing code-server over a secure context?

• I am using a secure context.

Notes

No response

[ignaciocastro]

Download and test this.

This is a trojan.

[code-asher]

Hmm we show this notification when window.isSecureContext is false. If this returns false, then your browser must think the context is insecure, but I am not sure why. Maybe a recent change? I am pretty sure in the past a context was considered secure even if the certificate was not trusted.

Closing for now though since it does not appear we can do anything about it, we just trust what the browser tells us. If you can make your system trust the certificate, that could be one path forward.