Start9Labs / documentation

User manual, developer documentation, and support for StartOS
https://docs.start9.com

Reason to enable `network.websocket.allowInsecureFromHTTPS` in Firefox (and security implications) #480

Open 501st-alpha1 opened 1 year ago

501st-alpha1 commented 1 year ago

Why do I need to enable `network.websocket.allowInsecureFromHTTPS` in Firefox?

I was going through the Firefox Linux guide to make sure one of my devices was set up correctly, when I came across this step:

  1. Next, search for `network.websocket.allowInsecureFromHTTPS` and set the value to `true`:

There isn't any explanation there, and I managed to find the PR which added this step, but I don't see an explanation there either.

Based on some brief web searching, my understanding is this setting allows connections from insecure websockets (i.e. ws:// instead of wss://) created on otherwise secure web pages (HTTPS). Once I got my Root CA cert set up, I've always connected to my Embassy over HTTPS (whether to .local or .onion), so that part makes sense, but are there certain Start9 services that are creating insecure websockets for some reason? If so, wouldn't any data passed over such websockets be exposed to anyone watching the network traffic? (Not a huge risk over local/Tor networks, but I'm still not excited about the idea.)

What's worse is this appears to be a global setting, so it would apply to any websites I visit, not just my Start9 services. Thus if my understanding of this is correct, I'd prefer to find workarounds for any Start9 services that need it (e.g. maybe I just don't use Firefox for that service), rather than enabling this setting globally.

Please let me know if I'm misunderstanding anything here.

501st-alpha1 commented 1 year ago

Ah, I just found #323 (it wasn't showing up in my initial search for some reason), which mentions doing this for Nostr. This does make sense, because users may connect to some Nostr relays over plain ws:// (though I think most of mine are wss:// anyway).

My thoughts above still stand, so unless there is some other major reason this is needed, would it be better to note this in the docs as optional and only needed for some services?

k0gen commented 1 year ago

Thank you for reaching out and expressing your concerns regarding the network.websocket.allowInsecureFromHTTPS setting in Firefox. I appreciate your thoroughness in seeking clarification, and I'm here to address your points.

Its implementation was driven by the need to support Nostr and specific relay connections over plain ws://.

It's worth noting that through Tor, all traffic is encrypted regardless of this setting, so the security implications might not be as critical in that context. While enabling this setting has no impact on Tor traffic, we understand your valid point about security for non-Tor connections.

Rest assured, we're actively working on a solution to eliminate this dependency and uphold security standards.
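
Added example, not part of the thread or of Start9's documentation: a Python check that reads the text of a Firefox profile's `prefs.js`/`user.js` for `network.websocket.allowInsecureFromHTTPS` and compares it with a list of Nostr relay URLs, showing whether the global setting is actually needed for the relays in use. The function names are hypothetical, and the sample profile lines and relay URLs are constructed.

```python
import re
from urllib.parse import urlsplit

PREF = "network.websocket.allowInsecureFromHTTPS"
# Firefox writes non-default prefs to prefs.js / user.js as: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def pref_enabled(prefs_text, name=PREF):
    """True if the last assignment of `name` in the prefs text is `true`."""
    value = False  # this pref defaults to false when it is not listed
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name:
            value = m.group(2) == "true"
    return value

def classify_relays(urls):
    """Group relay URLs by scheme: wss (TLS), ws (cleartext), other."""
    groups = {"wss": [], "ws": [], "other": []}
    for url in (u.strip() for u in urls):
        scheme = urlsplit(url).scheme.lower()
        groups[scheme if scheme in ("ws", "wss") else "other"].append(url)
    return groups

def audit(prefs_text, relay_urls):
    """Relate the global pref to the relays that would actually need it."""
    relays = classify_relays(relay_urls)
    enabled = pref_enabled(prefs_text)
    return {
        "pref_enabled": enabled,
        "cleartext_relays": relays["ws"],
        # pref on with no ws:// relay: the global relaxation is not needed
        "pref_unneeded": enabled and not relays["ws"],
        # ws:// relays with the pref off: blocked when opened from an HTTPS page
        "blocked_relays": [] if enabled else relays["ws"],
    }

if __name__ == "__main__":
    # Constructed sample input, not taken from a real profile.
    sample_prefs = (
        'user_pref("browser.startup.page", 3);\n'
        'user_pref("network.websocket.allowInsecureFromHTTPS", true);\n'
    )
    sample_relays = ["wss://relay.example.com", "ws://relay.example.net:7777"]
    for key, val in audit(sample_prefs, sample_relays).items():
        print(f"{key}: {val}")
```
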