crypto.subtle not available on Browser source when using local files

obsproject / obs-browser

CEF-based OBS Studio browser plugin

GNU General Public License v2.0

769 stars 217 forks source link

crypto.subtle not available on Browser source when using local files #407

Closed Hamcha closed 11 months ago

Hamcha commented 1 year ago

Operating System Info

Windows 10

Other OS

No response

OBS Studio Version

29.0.2

OBS Studio Version (Other)

No response

OBS Studio Log URL

https://obsproject.com/logs/OEMiQz1D4Hwv0WLO

OBS Studio Crash Log URL

No response

Expected Behavior

The crypto.subtle object should be available in both hosted and local files (AFAIK Chromium allows it on file:// and localhost)

Current Behavior

crypto.subtle is only available for remote/hosted pages, shows up as undefined in local pages

Steps to Reproduce

Create a browser source with a local file
Use the debugger to access the console
Check the value of crypto.subtle

Anything else we should know?

No response

RytoEX commented 1 year ago

From MDN Web Docs:

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

Why should this work in file:/// mode, which is not a secure context? Please double check if this works in the CEF client example.

Hamcha commented 1 year ago

Hmm it doesnt seem to work when I use file:/// in OBS, you are correct, I still think it should though. Is local file supposed to be much different than a self-hosted static server?

RytoEX commented 1 year ago

Hmm it doesnt seem to work when I use file:/// in OBS, you are correct, I still think it should though. Is local file supposed to be much different than a self-hosted static server?

Local files served through file:// (or file:///) are very much not equivalent to a file hosted through an HTTP server. If you need an equivalent experience, host an HTTP server. There are many very simple options for this, such as Python3's http.server.

Hamcha commented 1 year ago

Yeah that's been my experience so far (and why I've been hosting things locally), I was just wondering how much of that is by design, it makes helping my friends very hard because it's not as simple to ask them to do that. If this is not considered an issue I won't push further. Feel free to close.

RytoEX commented 1 year ago

After some local examination, this does appear to work fine in cefclient.exe, but not in obs-browser. @WizardCM might know where to look.

WizardCM commented 1 year ago

Officially, I believe the only way to make this work in our Local File mode is by using --unsafely-treat-insecure-origin-as-secure "http://absolute"

We could hardcode this value behind the scenes.

Fenrirthviti commented 1 year ago

I'm opposed to setting something as strongly worded to mean "unsafe, don't do this" as that option is by default. If we can confirm adding that as a launch flag to OBS corrects the problem, I'd consider this issue resolved.

gxalpha commented 1 year ago

@Hamcha please check if adding the flag mentioned above (https://github.com/obsproject/obs-browser/issues/407#issuecomment-1526224544) as a launch flag to OBS fixes this problem.

Fenrirthviti commented 11 months ago

The flag should resolve this issue, closing.