R
R
Roman2016-12-19 16:15:11
Browsers
Roman, 2016-12-19 16:15:11

How to avoid the SSL requirement for localhost?

There is a public site, the connection to which is secured with HTTPS. There is also a small software that is installed on the user's local computer and is a REST server (listens for requests from the user's browser to localhost, while the web application is loaded from the site mentioned at the beginning, and later, after processing the message , transfers data to an external device connected via USB CDC). The problem is that if this software is not running over HTTPS, Chrome highlights the connection in yellow (some resources are downloaded from an insecure connection), and Firefox generally blocks this connection until you allow loading insecure content. I ask for advice on how to organize communication so that browsers do not block connections with this software.

From visible solutions:
1, Third-level domain, with an A-record for 127.0.0.1 and a signed certificate for this domain. Enable HTTPS in the client software. I don't really like the presence of a private key in this software (that is, on the user's computer).
2. Remove HTTPS from the site. I would like to avoid this.
3. Turn the web application into an installable Chrome App and work with serial ports directly. Management does not welcome this decision, preferring the current solution.

I would appreciate alternative suggestions. The key point is that a web application downloaded from the Internet must be able to interact with equipment connected via serial ports.

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question