search

fullphat / snarl

When { stuff_happens(); tell_me() }
http://snarl.fullphat.net
57 stars 2 forks source link

JSON HTTP server needs an HTTPS counterpart #44

Open blackwind opened 6 years ago

blackwind commented 6 years ago

I utilize custom calls to the JSON HTTP server via Greasemonkey scripts to trigger notifications for websites based on particular criteria. Some websites, unfortunately, have begun using HSTS, which means the browser transparently redirects all HTTP requests to HTTPS, thereby completely breaking the JSON API. Currently, I leverage a custom HTTP > HTTPS proxy to work around this, but as HSTS becomes more and more common, I believe the forward-thinking move would be to add a JSON HTTPS server to Snarl itself.

Such a feature would require a way to configure your own .crt and .key files, of course, which you'd then add to the trusted cert store for your computer and/or browser.

fullphat commented 6 years ago

Totally agree and this has been on my radar for some time. Code-wise, it seems very straightforward to make HttpListener listen out for SSL connections - where it gets less clear is how the cert should be created, where it should be stored, and how it should be bound to the correct port. This link:

https://stackoverflow.com/questions/11403333/httplistener-with-https-support

seems the most promising. I just need to find the time to work through it... 😀

fullphat commented 6 years ago

Managed to get Snarl's admin console working via HTTPS. 😄 Relatively straightforward really - creating a CA/signed key is the main faff. I'll try to get a build out that includes SNP/HTTPS so you can test it for yourself.

fullphat commented 6 years ago

Listeners now include a "Use Secure Connection" option (which currently only works for SNP/HTTP). If checked, Snarl will create the listener using HTTPS rather than HTTP. Tested and appears to be working ok.

blackwind commented 6 years ago

Excellent, that was quick! Any word yet on my R5 dealbreakers? I'm positively itching to finally migrate, but am very much dependent on the Cobalt, Music Video, and OSX-ish styles, Program Files support, an Event Log monitor that can be filtered, and Win+Esc.

fullphat commented 6 years ago

Win+ESC I can add and eventlogd I can improve as well.

Have you tried running the latest Beta from program files? Does it still not work? Beta 4 added style support, albeit limited support and it doesn't cater for special styles such as Music Video and OSX-ish.

blackwind commented 6 years ago

I can confirm Beta 4 works from Program Files -- or, at least, I didn't notice any quirks during the brief few minutes I messed with it this time. Glad to see Cobalt in there now, though it's not quite the same as before. I didn't see a rule option to choose a different style, so that will need to be addressed alongside special styles. Would also be nice to see all those "Saving..." interstitials replaced with an in-page AJAX notification.

blackwind commented 5 years ago

Hope to see all this in R5 final. Excited to finally dive in!