Make server host pages securely using self-signed certificate #717

jvens opened this issue Mar 8, 2024 · 1 comment
Labels
enhancement New feature or request Local

jvens commented Mar 8, 2024

Is your feature request related to a problem? Please describe.
Currently, all of the pages are served using HTTP instead of HTTPS. Honestly, this is fine for most aspects of this system, but it does create a couple of issues, is not the most secure, and may cause big issues in the future.

As an example of where this is a problem, I have created a tool to connect the WebSocket from the FTC Live API to OBS Studio. It works well, and having it hosted on the cloud makes it easy for different events to use it at the same time without needing to run special software. The problem is that it currently only works if run from the same computer that is running the score system and OBS Studio, because if FTC Live is on a different computer, Chrome blocks the WebSocket connection because of Mixed Content (full error message at the bottom).

I have run into this limitation in other places as well, and Google, through Chrome, is really strongly pushing everything towards HTTPS, keeps removing HTTP features, and will likely eventually succeed in completely blocking HTTP (they have been trying to do this for at least the last 4 years now).

Describe the solution you'd like
Have the system generate and use a self-signed SSL certificate. This can be done along with #664 to have an easy-to-use domain name and eliminate the need for using IP addresses to access the system.

Describe alternatives you've considered
Keep hosting everything via HTTP and hope that Chrome/Mozilla don't break any features the system relies upon, and keep working around the issues with third-party tools.

Additional context

Mixed Content: The page at 'https://obs.vens.co/' was loaded over HTTPS, but requested an insecure resource 'http://192.168.102.52/api/v1/events/'. This request has been blocked; the content must be served over HTTPS.
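
The Mixed Content behaviour described in this issue, as an added example that is not part of the original issue or the project's code: a simplified model of the browser's check, showing why an `http://` or `ws://` request to a LAN address is blocked from an HTTPS page while loopback and `wss://` requests pass. The function names, the `/api/v1/stream/` path and the assumption that the same-computer setup connects over loopback are illustrative.

```javascript
// Added example: simplified model of the browser's mixed-content check.
// Function names are illustrative; this is not browser or project code.
const SECURE_SCHEMES = new Set(["https:", "wss:"]);

// Loopback hosts count as potentially trustworthy even over http:// or ws://.
function isLoopback(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  return h === "localhost" || h.endsWith(".localhost") ||
         h === "::1" || /^127(\.\d{1,3}){3}$/.test(h);
}

function isPotentiallyTrustworthy(url) {
  return SECURE_SCHEMES.has(url.protocol) || isLoopback(url.hostname);
}

// Verdict for a fetch or WebSocket opened by the page at pageUrl.
// Simplification: only https:// pages are modelled as enforcing the check.
function mixedContentVerdict(pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const req = new URL(requestUrl);
  if (page.protocol !== "https:") return "allowed";
  return isPotentiallyTrustworthy(req) ? "allowed" : "blocked";
}

const PAGE = "https://obs.vens.co/"; // page URL from the error message
const SAMPLES = [
  "http://192.168.102.52/api/v1/events/",  // from the error message
  "ws://192.168.102.52/api/v1/stream/",    // constructed: LAN WebSocket
  "ws://localhost/api/v1/stream/",         // constructed: same computer
  "wss://192.168.102.52/api/v1/stream/",   // constructed: after enabling TLS
];

function classifySamples() {
  return SAMPLES.map((u) => [mixedContentVerdict(PAGE, u), u]);
}

// A wss:// verdict of "allowed" only means the mixed-content check passes;
// the browser must still trust the self-signed certificate (not modelled).
for (const [verdict, url] of classifySamples()) {
  console.log(verdict.padEnd(8), url);
}
```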

jvens commented Mar 8, 2024

This would also require the change mentioned in #685, which is currently a workaround to add this feature since it isn't currently built into the system.
