generated from PackagrIO/goweb-template
-
-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SubtleCrypto is required, but not checked for and no error presented #41
Comments
related - #14 |
forgot to close this now that we have a polyfill for subtle crypto. I'll update the PR. |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
crypto.subtle
is only available on either secure contexts (HTTPS) or local non-secure contexts (localhost
,*.localhost
,127.0.0.1
).When self-hosting things (especially when quickly testing something new) things may be non-local, but not https (e.g. accessed by IP or internal DNS). There should probably be some sort of check when accessing the page (which could be done even before login) as to whether the context is secure and SubtleCrypto is available. The only indication of this issue I have found is a console message when attempting to add a provider (
ERROR Error: Uncaught (in promise): TypeError: can't access property "digest", crypto.subtle is undefined
)edit: It may also be desirable to have some sort of way to set a "base url" that users get redirected to when attempting to access fasten from the "wrong" URL, and that is used for any links within the app. The app could refuse to even start if the "base url" is a context that would allow the usage of SubtleCrypto. This is also important if the app were to e.g. send an email, it needs to know what URL to reolve relative paths and such against without the benefit of a user being on a page that it can use to determine that.
The text was updated successfully, but these errors were encountered: