Hi Marten, >> Looking at https://letsencrypt.org/docs/certificates-for-localhost/ they >> mention that "modern" browsers let you make insecure connections to >>127.0.0.1. >> Tested locally with a secure website connecting to ws://127.0.0.1 and it >> works fine. Which browsers do or don't support it I'm not sure though, >>but it could be enough for your use-case?
ws on 127.0.0.1 is not the problem. The problem is *mixed content* with ws on localhost: Almost any up2date CMS or web use case in general requires me to apply SSL (https) and I cannot run an unsecure websocket from a secure site. This sounds like a trivial problem but in practice this leads to my conclusion below. Best Alex -- http://www.carot.de Email : alexan...@carot.de Tel.: +49 (0)177 5719797 > Gesendet: Dienstag, 04. August 2020 um 10:00 Uhr > Von: "Mårten Nordheim" <marten.nordh...@qt.io> > An: "Alexander Carôt" <alexander_ca...@gmx.net> > Cc: "Thiago Macieira" <thiago.macie...@intel.com>, "interest@qt-project.org" > <interest@qt-project.org> > Betreff: Re: [Interest] wss:// on localhost > > Looking at https://letsencrypt.org/docs/certificates-for-localhost/ they > mention that "modern" browsers let you make insecure connections to 127.0.0.1. > Tested locally with a secure website connecting to ws://127.0.0.1 and it > works fine. Which browsers do or don't support it I'm not sure though, but it > could be enough for your use-case? > > Mårten > > ________________________________________ > From: Interest <interest-boun...@qt-project.org> on behalf of Alexander Carôt > <alexander_ca...@gmx.net> > Sent: Tuesday, August 4, 2020 09:51 > To: Alexander Carôt > Cc: Thiago Macieira; interest@qt-project.org > Subject: Re: [Interest] wss:// on localhost > > >> A conventional html page (classical web browser) launches a websocket via > >> wss://localhost:1234 and connects to a Qt > >application which hosts a QtWebsocket Server which binds to localhost:1234. > >This way I achieve communication between browser > >>and app. Would love to stay with ws:// but modern CMS (well - websites in > >>general) etc. require using SSL and mixed content is > >>not working anymore. > > 1) For now I do accept that wss://localhost:wxyz is not possible because > > 2) I identified a workaround: Rather than a websocket I create a UDP socket > on localhost and choose WebRTC within the browser in order to send UDP > messages. > > 3) Is it worth doing further discussion about wss://localhost.abcd or do we > have to accept also in the long term ? It would be a shame because it's such > a convenient solution. > > 4) It's also a shame how the Internet has become - I still have a mindset of > the year 2000 where the web was not really a significant resource of criminal > intent. I understand this can lead to misunderstanding ;-) > > 5) Thanks for all the comments - I actually learnt a lot regarding security ! > > > Best > > Alex > _______________________________________________ > Interest mailing list > Interest@qt-project.org > https://lists.qt-project.org/listinfo/interest > _______________________________________________ Interest mailing list Interest@qt-project.org https://lists.qt-project.org/listinfo/interest
