coder / code-server

VS Code in the browser
https://coder.com
MIT License

Improve insecure domain notification #3975

Open vsantalov opened 2 years ago

vsantalov commented 2 years ago

When I try to access code-server over a local network I get an error message: "code-server is being accessed over an insecure domain". I understand that the recommended method to expose the server is either SSH or a reverse proxy. All these methods are overkill if the server is always behind the same firewall as the client. There should be a way to acknowledge the message and dismiss it permanently. I did not notice any broken functionality despite the warning.

jsjoeio commented 2 years ago

I could be wrong here, but I believe code-server needs to be accessed over a secure domain in order for browsers to allow service workers and other features of code-server.

> I did not notice any broken functionality despite the warning

Though you did say.

> There should be a way to acknowledge the message and dismiss it permanently

I wonder if we add some custom functionality to code-server which lets you check a box like "Don't show this again".

cc @code-asher thoughts?

code-asher commented 2 years ago

My main concern was that people will submit webview/copy/paste/etc. issues that are caused by using an insecure domain, but that's been happening anyway, so maybe it won't matter if we make it dismissible.

Maybe we could consider adding something to the issue template that asks if code-server is being accessed over a secure domain or not.

Or, actually, I think the best solution would be to remove the notification and then when someone tries to use a feature that doesn't work without a secure domain we then pop up a notification explaining why it doesn't work (like when a user tries to copy or open a web view).
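
The secure-context rule behind this discussion, as an added example that is not part of the thread or of code-server's code: it approximates the browser's "potentially trustworthy origin" test and returns a per-feature explanation only when a feature is actually blocked. The function names, the feature keys and the sample URLs are assumptions; inside a browser the authoritative check is `window.isSecureContext`.

```javascript
// Added example with hypothetical names; not code-server's implementation.

// Features the thread reports as failing on an insecure domain.
const SECURE_ONLY_FEATURES = {
  "service-worker": "Service workers",
  "clipboard": "Copy/paste",
  "webview": "Webviews",
};

// Approximates the "potentially trustworthy origin" test from the W3C
// Secure Contexts spec for a top-level page URL.
function isPotentiallyTrustworthy(pageUrl) {
  const url = new URL(pageUrl);
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  const host = url.hostname.replace(/\.$/, "").toLowerCase();
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true;
  // URL normalises IPv4 literals to dotted quad, so 127.0.0.0/8 is a prefix check.
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
}

// Returns null when the feature may be used, otherwise the notification text.
function explainBlockedFeature(feature, pageUrl) {
  const label = SECURE_ONLY_FEATURES[feature];
  if (!label) return null; // not known to need a secure context
  if (isPotentiallyTrustworthy(pageUrl)) return null;
  const origin = new URL(pageUrl).origin;
  return `${label} unavailable: ${origin} is not a secure context. ` +
    "Use HTTPS (e.g. a reverse proxy) or localhost (e.g. an SSH tunnel).";
}

// Constructed sample URLs: a LAN address over plain HTTP is not trustworthy,
// which is why access "behind the same firewall" still triggers the warning.
const samples = [
  "http://192.168.1.20:8080/",
  "http://localhost:8080/",
  "https://code.example.com/",
];
for (const u of samples) {
  console.log(u, "->", explainBlockedFeature("clipboard", u) ?? "ok");
}
```
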

Alsabti5810 commented 2 years ago

When I try to access code-server over a local network I get an error message: "code-server is being accessed over an insecure domain". I understand that the recommended method to expose the server is either SSH or a reverse proxy. All these methods are overkill if the server is always behind the same firewall as the client. There should be a way to acknowledge the message and dismiss it permanently. I did not notice any broken functionality despite the warning.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.

RealKoenisch commented 2 years ago

Please reopen this issue, it's an annoying permanent message.

RealKoenisch commented 2 years ago

Are there any activities planned to avoid this behaviour, maybe in the settings?

code-asher commented 2 years ago

No plans at the moment but if someone wants to implement this we are definitely happy to merge:

> I think the best solution would be to remove the notification and then when someone tries to use a feature that doesn't work without a secure domain we then pop up a notification explaining why it doesn't work.

I just tested and here is what I saw was broken (mostly just webviews but there might be other things I missed):

den-mac commented 8 months ago

I'm just using this as a config editor so the message is an annoyance to me; every time I use it I have to close the dialog.

Would love a setting to turn it off.

carefulcomputer commented 5 months ago

+1