Hi Marten, >> Looking at https://letsencrypt.org/docs/certificates-for-localhost/ they >> mention that "modern" browsers let you make insecure connections to >>127.0.0.1. >> Tested locally with a secure website connecting to ws://127.0.0.1 and it >> works fine. Which browsers do or don't support it I'm not sure though, >>but it could be enough for your use-case?
ws on 127.0.0.1 is not the problem. The problem is *mixed content* with ws on localhost: Almost any up2date CMS or web use case in general requires me to apply SSL (https) and I cannot run an unsecure websocket from a secure site. This sounds like a trivial problem but in practice this leads to my conclusion below. Best Alex -- http://www.carot.de Email : [email protected] Tel.: +49 (0)177 5719797 > Gesendet: Dienstag, 04. August 2020 um 10:00 Uhr > Von: "Mårten Nordheim" <[email protected]> > An: "Alexander Carôt" <[email protected]> > Cc: "Thiago Macieira" <[email protected]>, "[email protected]" > <[email protected]> > Betreff: Re: [Interest] wss:// on localhost > > Looking at https://letsencrypt.org/docs/certificates-for-localhost/ they > mention that "modern" browsers let you make insecure connections to 127.0.0.1. > Tested locally with a secure website connecting to ws://127.0.0.1 and it > works fine. Which browsers do or don't support it I'm not sure though, but it > could be enough for your use-case? > > Mårten > > ________________________________________ > From: Interest <[email protected]> on behalf of Alexander Carôt > <[email protected]> > Sent: Tuesday, August 4, 2020 09:51 > To: Alexander Carôt > Cc: Thiago Macieira; [email protected] > Subject: Re: [Interest] wss:// on localhost > > >> A conventional html page (classical web browser) launches a websocket via > >> wss://localhost:1234 and connects to a Qt > >application which hosts a QtWebsocket Server which binds to localhost:1234. > >This way I achieve communication between browser > >>and app. Would love to stay with ws:// but modern CMS (well - websites in > >>general) etc. require using SSL and mixed content is > >>not working anymore. > > 1) For now I do accept that wss://localhost:wxyz is not possible because > > 2) I identified a workaround: Rather than a websocket I create a UDP socket > on localhost and choose WebRTC within the browser in order to send UDP > messages. > > 3) Is it worth doing further discussion about wss://localhost.abcd or do we > have to accept also in the long term ? It would be a shame because it's such > a convenient solution. > > 4) It's also a shame how the Internet has become - I still have a mindset of > the year 2000 where the web was not really a significant resource of criminal > intent. I understand this can lead to misunderstanding ;-) > > 5) Thanks for all the comments - I actually learnt a lot regarding security ! > > > Best > > Alex > _______________________________________________ > Interest mailing list > [email protected] > https://lists.qt-project.org/listinfo/interest > _______________________________________________ Interest mailing list [email protected] https://lists.qt-project.org/listinfo/interest
