web-eid / web-eid.js

Add secure authentication and digital signing with electronic ID smart cards to web apps with the Web eID JavaScript library
https://web-eid.eu
MIT License

Library requires https on localhost in development #30

Open tenor-dev opened 2 years ago

tenor-dev commented 2 years ago

To make development with the library easier, it should allow http://localhost:XXX or provide an option to disable https check.

taneltm commented 1 year ago

I agree, it would make development and testing easier.

Both the library and the extension check for Secure Context, which makes an exception for locally-delivered resources.

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

However, web-eid-app does not allow http://localhost and exits with ERR_WEBEID_NATIVE_FATAL.

origin scheme has to be https or wss in src/controller/command-handlers/certificatereader.cpp:134:validateAndStoreOrigin

As I see it, we could solve it in two ways:

As a workaround, you can edit /web-eid-webextension/src/content/content.ts and replace all instances of event.origin with "https://localhost".
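
The mismatch described in this thread, as an added example that is not part of the issue or of the Web eID code base: a small JavaScript model of the two checks, showing which development origins pass the Secure Context rule but fail the https/wss scheme rule. Function names and sample origins are constructed for illustration, and the local host list follows only the Secure Context text quoted above.

```javascript
// Added example, not Web eID code. It models the two checks named in the thread.

// Hosts the quoted Secure Context text treats as locally delivered.
function isLocalHost(hostname) {
  return hostname === "localhost" ||
         hostname.endsWith(".localhost") ||
         hostname === "127.0.0.1";
}

// Approximation of the Secure Context rule applied by the library and extension.
function passesSecureContext(url) {
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  if (url.protocol === "file:") return true;
  return url.protocol === "http:" && isLocalHost(url.hostname);
}

// Scheme rule taken from the error text: "origin scheme has to be https or wss".
function passesAppSchemeCheck(url) {
  return url.protocol === "https:" || url.protocol === "wss:";
}

// Report where a given origin would be stopped, if anywhere.
function classifyOrigin(origin) {
  const url = new URL(origin);
  const secureContext = passesSecureContext(url);
  const appAccepts = passesAppSchemeCheck(url);
  let outcome = "ok";
  if (!secureContext) outcome = "blocked-by-secure-context-check";
  else if (!appAccepts) outcome = "ERR_WEBEID_NATIVE_FATAL";
  return { origin, secureContext, appAccepts, outcome };
}

// Constructed sample origins.
const samples = [
  "https://localhost",
  "http://localhost:3000",
  "http://dev.whatever.localhost/",
  "http://127.0.0.1:8080",
  "http://localhost.example.com", // lookalike: not a .localhost name
  "http://example.com",
];
for (const s of samples) console.log(classifyOrigin(s));
```

Only the origins that pass the first check and fail the second reach the native application and hit the fatal error; a lookalike such as `localhost.example.com` is stopped earlier because its hostname does not end in `.localhost`.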