I want to develop a Video Chat application. So I started to check the SimpleWebRTC JS Framework. When I share my screen, it requires HTTPS mode. If I hosted the files in SSL domain. But the Socket js (included file) is in an insecure domain.
http://signaling.simplewebrtc.com:8888/socket.io/1/?t=139165345345345
If I change the protocol into HTTPS then it doesn't return response.
Please advice.
You can host the socket.io.js library, which is the simpleWebRTC signalling server yourself on a node server, and point that as your signalling server.
That worked for me.
Related
I am working on a Blazor(PWA) standalone app. Is deploying to a hosting provider required for standalone Blazor webassembly PWA? Or is it possible to serve the app from a network location for users to download and run it locally in their browser? I looked for documentation but can't find any. Please let me know. Thanks!
You'll need to host the app from an HTTP server that provides secure hosting (HTTPS). For example, you could set up an HTTP server on your local network, or use a hosting provider on the internet.
It cannot be shared from a network drive, or anything like that because it's not considered secure, and thus the service worker won't be registered.
I deployed a dockerized yii2 application on google app engine inorder for this to work my application needs to listen on port 8080. I managed to get apache to listen on port 8080. The application deployed successfully but when I try to access it on the https autogenerated URL by app engine it always redirects to the HTTP version. For example say the url is https://flex-dot-[projectId].appspot.com it redirects to
http://flex-dot-[projectId].appspot.com. Is this a normal behaviour or am I missing something? Keep in mind I know I can add custom domain then add SSL through that means but I just want to be sure I am not missing anything.
I have an existing web application hosted in Tomcat which is listening for a HTTP POST.
However for security reasons requests to the web application have to be transported across the network as HTTPS.
I cannot change the web application.
So I want to receive a HTTPS POST, decrypt it and pass it on to the web application as a HTTP POST.
I also need to pass back to the sender response codes etc.
I have been told that I can do this using Apache configured as a "reverse proxy".
But I am not an expert at Apache or Tomcat and before I investigate this option I wanted to be sure I was going down the right path.
i.e.
Schematic
So to the Remote Server application everything looks like it happens over HTTPS.
And to my local Tomcat web application everything looks like it happens over HTTP.
Is this doable and correct ?
Do I need to use Apache or could I do it all in Tomcat ?
Is this what is called "url rewriting" ?
This is more than just "redirection" ?
Thanks,
Brett
I am developing a web application which makes use of the Sony Camera API with an Alpha 6300.
The web-app needs to access the camera and internet at the same time. Therefore, I am using a laptop with two network adapters, one connecting to Wi-Fi and one to the camera access point. I got this to work without the discovery phase, which is not possible from a browser (that's ok, the IP address of the camera is always the same).
However, in order to get it working on the production server (which is secure), I need some ugly hacks, due to the camera endpoints being only available in HTTP (no HTTPS) and with no CORS headers:
I need to use a Chrome extension to bypass CORS
I need to click on 'load unsafe scripts' in Google Chrome
A quick solution would be to pack everything in an Electron app, thus overriding Chrome's (more than legitimate) security concerns. However, this would strongly complicate the deploying and testing process. I would rather go with a web-based solution, if possible.
Anybody knows if there's a way to enforce HTTPS and set Access-Control-Allow-Origin on the Camera server?
You can use a local CORS proxy. That's what I've done for development.
I went the similar route of "Electron" for disabling the same origin policy, only I used PhoneGap because I needed this for a phone.
I'm just starting to develop a SPA, with java(dropwizard) REST backend. I'm kinda new to 'web' development, but I did internal web apps before, so security was not a big concern before.
Right now I'm using nginx as my public facing web server, and I just discovered whole slew of complications that arise as we're splitting actual servers: static web server serving my SPA's files, and java microservices behind it.
I'm used to apache talking to tomcat with mod_jk, but now I had to implement CORS in dev because my SPA is deployed on a lite-server serving at different port than the REST Api served by dropwizard.
Now I got to my minimum viable product and wanted to deploy it on prod,
but I have no idea how do I do it.
Do I still need the CORS header? Dropwizard will be run separately on a different port only available to local processes, then I configure nginx to route incoming request from, e.g. /api/ to that port. Does that counts as cross-origin?
I'd like to serve full https. Dropwizard can serve to https, but I don't want to update SSL cert on multiple microservices. I read about nginx ssl termination, will this enable me to use plain http in local and https on nginx?
Any other caveats to watch out on deploying with this architecture?
Thank you!
Yes, you can certainly do it!
You can terminate https with nginx, and still have the backend operate on either plain http or even https still. The proxy_pass directive does support both access schemes for the upstream content. You can also use the newer TCP stream proxying, if necessary.
There are not that many caveats, really. It usually just works.