W3C home > Mailing lists > Public > public-webcrypto@w3.org > February 2016

Re: Allowing web crypto on non secure origin

From: Eric Roman <ericroman@google.com>
Date: Tue, 23 Feb 2016 14:14:21 -0800
Message-ID: <CAFswn4mCYaTkUMfij7X3BxDCJLvL_0DpVTW9+ev=ivCFteTN0g@mail.gmail.com>
To: Jonghyuk Park <jonghyukpark0@gmail.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
In Chrome access to WebCrypto is restricted to secure origins [1]

You cannot use it on http://* except for some special cases, namely
http://localhost/

See also [2]

[1]
http://www.chromium.org/Home/chromium-security/security-faq#TOC-Which-origins-are-secure-
[2] https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy


On Tue, Feb 23, 2016 at 11:59 AM, Jonghyuk Park <jonghyukpark0@gmail.com>
wrote:

> Hello,
> Is there a way to use web crypto on http (not https)?
>
>
>
Received on Tuesday, 23 February 2016 22:14:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 23 February 2016 22:14:49 UTC