Jaaap / SQRL

Secure Quick Reliable Login WebExtension for Firefox and Chrome
MIT License

COA Error When Page Served Over HTTP #7

Closed by RaniSputnik 5 years ago

RaniSputnik commented 5 years ago

I'm writing a SQRL server and I noticed that, when testing locally over HTTP, the extension fails to log me in with a COA error. There are two places in background.js where we swap the sqrl protocol for https.

  1. https://github.com/Jaaap/SQRL/blob/master/background.js#L157
  2. https://github.com/Jaaap/SQRL/blob/master/background.js#L508

If we instead swapped in the window protocol, then the extension could work for a page served over http. The question is, would we actually want to fix this given that SQRL transactions should all be made over HTTPS anyway?

From my side, I'm going to be changing my local development server to serve over https instead. Thanks for all your work on this extension!

Jaaap commented 5 years ago

Did you successfully switch to https on your local server?

RaniSputnik commented 5 years ago

I haven't done it yet, but I still plan to https://github.com/RaniSputnik/sqrl-go/issues/10.

Currently I'm using a modified version of the extension to get around the issue.

What is your view on this? Happy to close the issue if you believe this should not be changed in the extension.

Jaaap commented 5 years ago

The last I heard about it from Steve was this: https://www.grc.com/x/news.exe?cmd=article&group=grc.sqrl&item=17009

The use of non-HTTPS connections for SQRL has been deprecated and removed from the specification. We added a number of features that required HTTPS, so we finally decided to make it HTTPS only.

So I think we're supposed to go https-only.

RaniSputnik commented 5 years ago

Cool, sounds pretty definitive to me. I'll close this and work on a fix from my side.
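
The HTTPS-only scheme swap this thread settles on, as an added example that is not code from background.js or from either participant: it maps a `sqrl://` link to its `https://` endpoint and refuses, with an explicit reason, when the page is served over HTTP. The function name, result shape and sample URLs are assumptions.

```javascript
// Added example (not from background.js). Hypothetical helper: resolve the
// endpoint a SQRL client should call for a sqrl:// link found on a page,
// failing closed whenever HTTPS is not in use.
function sqrlEndpoint(sqrlLink, pageUrl) {
  let link, page;
  try {
    link = new URL(sqrlLink);
    page = new URL(pageUrl);
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (link.protocol !== "sqrl:") {
    return { ok: false, reason: "not a sqrl: link" };
  }
  // "sqrl:example.com" parses, but has an opaque path and no host.
  if (link.hostname === "") {
    return { ok: false, reason: "sqrl: link has no host" };
  }
  // HTTPS-only policy: never fall back to the page's own scheme.
  if (page.protocol !== "https:") {
    return { ok: false, reason: "page not served over HTTPS" };
  }
  // The URL API ignores `link.protocol = "https:"` when moving from a
  // non-special scheme (sqrl:) to a special one, so rebuild the URL from
  // the normalized href instead of assigning the protocol.
  const endpoint = new URL("https:" + link.href.slice(link.protocol.length));
  return { ok: true, url: endpoint.href };
}

// Constructed sample inputs.
console.log(sqrlEndpoint("sqrl://example.com/cli.sqrl?nut=abc123",
                         "https://example.com/login"));
console.log(sqrlEndpoint("sqrl://localhost:8080/cli.sqrl?nut=abc123",
                         "http://localhost:8080/login"));
```

Returning a reason string lets the caller tell the user why the login was refused on an HTTP page.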