Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
458 views
in Technique[技术] by (71.8m points)

chromium - How to enable crypto.subtle for unsecure origins in Chrome?

In Chrome 60, they added a feature that disables crypto.subtle for non-TLS connections. Our product needs to run a local server and forward some secure remote connections to localhost for security reasons. Because localhost isn't technically a named domain, we cannot use TLS--effectively making crypto.subtle unusable in Chrome (and chromium-based browsers like Opera), and forcing us to use a less secure shim like asmCrypto.js. Is there any way to tell Chrome to enable crypto.subtle through headers? Is there any way to disable the new feature in the settings that we can tell users about (worst case scenario)?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

In Chrome 60, they added a feature that disables crypto.subtle for non-TLS connections

Not exactly, crypto.subtle is disabled for non-secure origins since first supported version (chrome 32?)

But localhost is considered a secure origin https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

“Secure origins” are origins that match at least one of the following (scheme, host, port) patterns:

  • (https, *, *)

  • (wss, *, *)

  • (*, localhost, *)

  • (*, 127/8, *)

  • (*, ::1/128, *)

  • (file, *, —)

  • (chrome-extension, *, —)

So you should be able to use Web Cryptographi Api on http://localhost.

Are you using HTTPS for your site? It could be that you had a problem related to mixing HTTPS and HTTP. Chrome will block the HTTP connection to localhost. Then you could generate a self-signed certificate for 127.0.0.1 and launch your local server with HTTPS (similar to @SLaks answer but you will not need a hosts entry )


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...