We did notice today an issue in automatic detection of zip code based on the user s location. I is not working in Chrome but when i open the url in Chrome it didn't work. We had to configure the sites to https and then it works ok.
Example : https://where-am-i.live works well with SSL certificate but without https it is not working in Chrome.
https://developer.mozilla.org/en-US/docs/Web/API/Geolocation_API
This feature is available only in secure contexts (HTTPS), in some or
all supporting browsers.
Related
Many modern Web APIs are gated by the browser to be HTTPS only. This is good for users but can make developing painful. During development I'd like to be able to turn off that requirement just for testing.
Is there a flag I can set (about:config in firefox, about:flags in chrome) or a command line parameter I can pass in to turn off that requirement so I can test without having to setup https certs and add them to the browser?
Note: I understand the https requirement is dropped for localhost but I'm often hosting on one machine (like a laptop) and testing on another (like an Android device) or a different desktop. I know I can generate a local cert and run a server that supports https. I then have to deal with security warnings on the browsers (invalid cert) and/or add the private certs to all the devices OR I have to register a domain solely for the purpose of getting a valid cert via letsencrypt. For my own dev I'd just like to temporarily turn off that check in the browser if possible. Of course what I actually serve to users will be https but during dev if I could turn off that requirement things would be so much easier.
In my particular case I'm trying to use WebXR so dev happens on my laptop but actual testing happens on an Android device where the page is served from my laptop.
One solution suggested here is to use Chrome's port forwarding
https://developers.google.com/web/tools/chrome-devtools/remote-debugging/local-server
That works for Chrome desktop to Android
On your desktop you tell desktop chrome what site at what port to forward to your android device at another port. That site can be a server on the internet or a server running locally on your desktop. On the android device you can then access that site at http://localhost:<port-you-specified>. https requirements are dropped for locahost host so you can now use the APIs that were restricted otherwise.
Chrome has a developer setting Insecure origins treated as secure in chrome://flags/, this is a text field where you can add a list of origins treated as secure for development purposes. (Via https://github.com/immersive-web/webxr/issues/60)
I have a form in my laravel webapp where the user needs to add a profile picture through webcam. While developing in localhost(secure origin), it was working fine but now when i am trying to access it using my IP address, it doesn't seem to work.
I used "navigator.mediaDevices.getUserMedia" for accessing webcam while developing my project but now when the website is made live(or testing through my IP), chrome says that "getUserMedia() no longer works on insecure origins". I also tried Webcam.js but same came across the same error.
navigator.mediaDevices.getUserMedia(constraints).
then(handleSuccess).catch(handleError);
Error output in console:
[Deprecation] getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins for more details.
Starting with Chrome 47, getUserMedia() requests are only allowed from secure origins: HTTPS or localhost.
did you check this page? I think you're using HTTP. I'd like to switch to HTTPS and test it.
https://developers.google.com/web/updates/2015/10/chrome-47-webrtc?hl=en
As you can see from the doc, chrome requires a secure context for using it:
So you must switch to https for testing it in chrome
I'm pretty aware of this warning that being shown when attempting to ask permission of using the Mic on non HTTPS origins using chrome.
getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
So my question is there a way to test, demo, sandbox, etc this feature of HTML5 in chrome without having to buy/install/configure or create a ssl certificate ?
I read something on SO about localhost being treated as a secure origin over http (just tested this with chrome 48 and it's not working).
Is there a way to use IP's (e.g : 192.168.1.2) instead of example.com when using this chrome flag ?
--unsafely-treat-insecure-origin-as-secure="example.com"
I've set up a central WebApi site that will provide general CRUD capability for various sites across our domain. I've configured the whole shebang to utilize CORS with the standard jquery ajax httprequest or, in the case of older IE versions, XDomainRequest. So far, everything checks out, it works splendidly. My problem is that I can't seem to find a machine with IE8 in order to complete user agent testing. The site works wonderfully when I go into the developer tools on IE 11 and set it to emulate IE8 but I'm not ready to pop the champagne cork just yet.
My question is: will the developer tools' IE8 mode fully emulate that browser's behavior, down to the way it handles cross domain requests or do I need to either find a user with IE8 and have them test it or spin up a VM with it?
You can download a virtual machine with IE8 from Microsoft's modern.ie site at http://dev.modern.ie/tools/vms/ and test your site with that.
We are developing an application using node.js and meteor.js, this application is working fine in Firefox, Chrome and IE 10, but when we try to browse this application in IE-9, it doesn't load.
I have investigated the request/response of both browsers (IE9, Firefox) and I have found that for XHR requests, IE 9 uses iframe polling instead of web sockets for data transfer. IE 9 does not maintain the cookies in this case and that causes 401 errors for every XHR request. So the cookie is not being sent in the iframe in IE 9.
I have investigated how we can enable cookies for the iframe, and I have found that we can achieve this using privacy policy platform (p3p). To enable the p3p you will have to add p3p key in response header and privacy.policy file in w3c folder inside the domain folder. I have done all of this.
But things are not working in my case, I have done a lot of R&D to set the different -2 key of p3p. But still facing the issue of loading the application in IE9.
You may not be able to get there from here.
But there's support in Flow Router apparently. Support appears to be package by package.
https://kadira.io/blog/meteor/flow-router-ie9