Question: HTTPS everywhere...problem

# Felipe Nascimento de Moura (6 years ago)

I know of (and I also support) the HTTPS everywhere campaign.

With that said...

I'm working on a software for a factory which will have:

  • 1 server in a room, with a node server running on it
  • many cellphones sending pictures
  • no internet access, everything works within the same, closed network

Have you seen the problem? I developed the thing in 2 days...now, I'm 4 days working on how to turn on the cameras in the cellphones as they are accessing the service using the serve's IP address (which, evidently, is not HTTPS).

This raised the question in my head. There shouldn't be at least an option? Something like a "yes, I AM sure of what I am doing, now let me do it please" option in browsers, perhaps a flag, perhaps a pattern...

The answers I got so far were "you can't do it with web technologies", and I will not accept that answer as final.

So...any option? Shouldn't web technologies allow us to develop this kind of software/service as well?

Do you know of any option/solution for such problem? I've been wasting my time with cordova and ionic, tried some caches, remote debuggin...so far, nothing.

I'm really disappointed with this...the thing is really cool, works so fine and fast and then...I can't install it there because my own browser does not trust my own software in my own cellphones closed in my own network accessing my own server :/

I even tried generating a certificate for it, but the server ends up with new IPs from time to time and, as it will be installed in different factories and stores, making it a static ip is not a good option.

Thanks you very much for any idea or suggestion.

[ ]s

--

Felipe N. Moura Web Developer, Google Developer Expert developers.google.com/experts/people/felipe-moura, Founder of

BrazilJS braziljs.org and Nasc nasc.io.

Website: felipenmoura.com / nasc.io Twitter: @felipenmoura twitter.com/felipenmoura

Facebook: fb.com/felipenmoura LinkedIn: goo.gl/qGmq

Changing the world is the least I expect from myself!

# Mark (6 years ago)

Have you tried just serving via https using your own signed certificates? That's an easy solution, right?

# Mark (6 years ago)

Oh sorry you said you tried that. Apologies. Maybe resolving to a dedicated Domain/Host?

# Claude Pache (6 years ago)

Le 4 août 2018 à 22:22, Felipe Nascimento de Moura <felipenmoura at gmail.com> a écrit :

I know of (and I also support) the HTTPS everywhere campaign.

I don’t think that ECMAScript has any feature related to the http protocol, or that make a distinction between secure and non-secure contexts. Wrong mailing list?

# Felipe Nascimento de Moura (6 years ago)

Well, I read it in the some doumentation about it and the logged error message was informing about this. But indeed, the ES documentation is not mandatory about it. I'm trying contact with people from the Chrome devtools about it. I just realized it works in Firefox on Android...is a small limitation but is some hope!

About the local domain suggested by Mark, I will have to check the availability to configure a dedicated DNS server there...this is also an interesting possibility.

So, as for the ES definitions, this is not a rule to be applied in all browsers in a near future?

Thanks.

[ ]s

--

Felipe N. Moura Web Developer, Google Developer Expert developers.google.com/experts/people/felipe-moura, Founder of

BrazilJS braziljs.org and Nasc nasc.io.

Website: felipenmoura.com / nasc.io Twitter: @felipenmoura twitter.com/felipenmoura

Facebook: fb.com/felipenmoura LinkedIn: goo.gl/qGmq

Changing the world is the least I expect from myself!

# Zachary Yaro (6 years ago)

I am not sure off the top of my head which officially require it in the spec, but I know a lot of more recent APIs, including service worker, push notifications, and geolocation, require HTTPS in some or all modern browsers, and I know at least the Chrome team plans to require HTTPS for more APIs in the future.

Zachary Yaro

# Peter Jaszkowiak (6 years ago)

All of those are browser, not ES, apis.

# Zachary Yaro (6 years ago)

Oh, fair point.

Zachary Yaro

# Felipe Nascimento de Moura (6 years ago)

Thanks then. I'm gonna focus on discussing it with browsers vendors.

Cheers.

[ ]s

--

Felipe N. Moura Web Developer, Google Developer Expert developers.google.com/experts/people/felipe-moura, Founder of

BrazilJS braziljs.org and Nasc nasc.io.

Website: felipenmoura.com / nasc.io Twitter: @felipenmoura twitter.com/felipenmoura

Facebook: fb.com/felipenmoura LinkedIn: goo.gl/qGmq

Changing the world is the least I expect from myself!