Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mixed Content security error for 'std:kv-storage' #60

Closed
metafeather opened this issue Sep 4, 2019 · 7 comments

Comments

@metafeather
Copy link

commented Sep 4, 2019

Browser: Google Chrome on MacOS 10.14.6 - Version 76.0.3809.132 (Official Build) (64-bit)

Including https://unpkg.com/es-module-shims@0.4.1/dist/es-module-shims.js in an html page running under HTTPS results in a security error:

Mixed Content: The page at 'https://my-domain/test.html' was loaded over HTTPS, but requested an insecure script 'std:kv-storage'. This request has been blocked; the content must be served over HTTPS.
@guybedford

This comment has been minimized.

Copy link
Owner

commented Sep 4, 2019

This is the way in which builtin support is being performed by the loader, and the errors don't have any effect on the running functioning of the page.

I certainly agree though it would be nicer if we could avoid them somehow, and there might well be approaches. Will leave this open to track that.

@guybedford

This comment has been minimized.

Copy link
Owner

commented Sep 6, 2019

I've switched this detection to happen lazily so that the console errors are avoided unless you explicitly load kv-storage. #62

@guybedford guybedford closed this Sep 6, 2019
@MicahZoltu

This comment has been minimized.

Copy link
Contributor

commented Sep 8, 2019

In chrome I'm getting a similar, but not the same error:

GET std:kv-storage net::ERR_UNKNOWN_URL_SCHEME
(anonymous) | @ | VM34:1
(anonymous) | @ | es-module-shims.js:487
resolve | @ | es-module-shims.js:492
...

Will this also be fixed when #62 is released, or is it something different?

@vedtam

This comment has been minimized.

Copy link

commented Sep 8, 2019

@MicahZoltu having the same error

Screen Shot 2019-09-08 at 10 25 07

@vedtam

This comment has been minimized.

Copy link

commented Sep 8, 2019

here's a demo throwing the very first error (plain, fresh project) when accessing the app via https:
https://vedtam-pika-demo.glitch.me

Screen Shot 2019-09-08 at 17 34 19

If I access the link via http:// only, the above error surely goes away, but then the second (image in my prev. post) pops up.

and the source (you may need to open the console to get to './web_modules'):
https://glitch.com/edit/#!/vedtam-pika-demo?path=index.html:10:25

@guybedford

This comment has been minimized.

Copy link
Owner

commented Sep 8, 2019

0.4.3 released with the fix.

@vedtam

This comment has been minimized.

Copy link

commented Sep 9, 2019

@guybedford thanks! In the meantime I figured it out that the second throw is "expected", as it may be for a feature detect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.