Closed xaviergonz closed 6 years ago
related to #128
This seems to be a legit warning. What's your use case, where you want to load asmCrypto via http?
I'm not really loading the precompiled asmcrypto.js file from a script tag, there it would be a legit warning.
In my case I'm just using require('asmcrypto.js') and therefore it ends up inside a big bundle.js file created with fusebox, and that bundle.js file is the one loaded inside a page served via http.
You really shouldn't load the bundle.js file over http. It's just totally insecure, so it shouldn't do anything crypto related. For the http: origins the WebCrypto API is disabled as well.
Actually the only thing I'm using is the sha256 hash function to get the hash of some data, and the WebCrypto API is not disabled. Anyway I can't use https in this case since it is an special case where the page is in localhost and auto generated from a local server.
Either way I think I can live with a small warning :)
Using asmCrypto.js 0.16.0 from a http page when using it as a require issues the following warning:
asmCrypto seems to be load from an insecure origin; this may cause to MitM-attack vulnerability. Consider using secure transport protocol.