teleclimber / Dropserver

An application platform for your personal web services. https://dropserver.org
Apache License 2.0

It should be possible for an app to express that HTTPS is required #117

Open teleclimber opened 9 months ago

teleclimber commented 9 months ago

Some web platform functionality can only work if the page is served over HTTPS, things like getUserMedia (webcam), notifications, service workers, geo-location. If these features are central to the functionality of the app, then the user should be warned if their instance is configured to serve apps over HTTP.

But then again, why would anybody use HTTP? Maybe because they are hosting locally? It could also be up to the app to detect this condition on a case-by-case basis?

ocdtrekkie commented 9 months ago

It is very common to have Sandstorm configurations set to use HTTP because there is something like a reverse proxy, sniproxy, Cloudflare Tunnel, etc. in front of it providing encryption. So this may be something you want to detect on access as opposed to relying on the configuration. Though I think even in those cases there is an "https" in the configuration file somewhere so the app knows how to format the links.

teleclimber commented 9 months ago

Yes, external-access.scheme in the config should be checked to know if the app is served over HTTPS or not.
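An added example (not part of this thread and not Dropserver code) of the on-access check discussed above, done in the app's own front end. `checkSecureFeatures`, the feature names and the sample objects are hypothetical; `isSecureContext` is the browser's own flag, which is true behind a TLS-terminating proxy and also for `http://localhost`, so it covers both the reverse-proxy and the local-hosting cases.

```javascript
// Added example. checkSecureFeatures and FEATURE_PROBES are hypothetical helpers.
// Each probe reports whether the API is exposed on a window-like object.
const FEATURE_PROBES = {
  getUserMedia: (g) => typeof g.navigator?.mediaDevices?.getUserMedia === "function",
  serviceWorker: (g) => g.navigator?.serviceWorker !== undefined,
  notifications: (g) => typeof g.Notification === "function",
  geolocation: (g) => g.navigator?.geolocation !== undefined,
};

// g is passed in (normally `window`) so the check can also run outside a browser.
function checkSecureFeatures(g, required) {
  // The browser's verdict on the page as loaded, whatever the server config says.
  const secure = g.isSecureContext === true;
  const missing = required.filter((name) => {
    const probe = FEATURE_PROBES[name];
    if (!probe) throw new Error(`unknown feature: ${name}`);
    // Some APIs stay exposed on insecure pages but refuse to work there,
    // so an insecure context marks every required feature as missing.
    return !secure || !probe(g);
  });
  return { secure, protocol: g.location?.protocol ?? null, missing, ok: missing.length === 0 };
}

// Constructed window-like samples (not captured from a real instance).
const fullNavigator = { mediaDevices: { getUserMedia() {} }, serviceWorker: {}, geolocation: {} };
const SAMPLES = {
  // Instance reached over plain HTTP on a LAN host name.
  lanHttp: {
    isSecureContext: false,
    location: { protocol: "http:" },
    navigator: { geolocation: {} },
    Notification: function () {},
  },
  // Local hosting: HTTP, but browsers treat localhost as trustworthy.
  localhostHttp: {
    isSecureContext: true,
    location: { protocol: "http:" },
    navigator: fullNavigator,
    Notification: function () {},
  },
  // Instance configured for HTTP with a proxy in front providing HTTPS.
  behindTlsProxy: {
    isSecureContext: true,
    location: { protocol: "https:" },
    navigator: fullNavigator,
    Notification: function () {},
  },
};
```

In a page, call `checkSecureFeatures(window, ["getUserMedia", "notifications"])` at startup and show the warning when `ok` is false.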