Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47291

HTML5 Notifications not working over non-https instances

    XMLWordPrintable

Details

    Description

      Since my last Chrome update to 62, the HTML5 notifications don't work anymore (clicking on the enable notifications buttons does nothing).

      In the browser's developper tools' console, the following message shows up:
      [Deprecation] The Notification API may no longer be used from insecure origins. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.

      This seems to be part of a vast Google plan to reduce the capabilites over HTTP :
      https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins

      Once Chrome 62 hits the stable branch, there will be a flood of complaints. Maybe make an annoucement or propose a workaround?

      Attachments

        Activity

          saucistophe Christophe Carpentier created issue -

          Also, I took it for granted, but would love to be proven wrong: You can't establish a secure HTTPs connection (without those nasty warnings) on a local machine, right?

          saucistophe Christophe Carpentier added a comment - Also, I took it for granted, but would love to be proven wrong: You can't establish a secure HTTPs connection (without those nasty warnings) on a local machine, right?
          halkeye Gavin Mogan added a comment -

          I guess I can update the wiki saying "HTTPS is required for this to work in chrome".

           

          As for a work around, I don't really know any. Maybe a chrome extension or something?

           

          You can create a self signed certificate then import the cert into the browser, that would get rid of the errors.

          If its an actual domain name, you could use letsencrypt with dns verification and generate a free cert.

          halkeye Gavin Mogan added a comment - I guess I can update the wiki saying "HTTPS is required for this to work in chrome".   As for a work around, I don't really know any. Maybe a chrome extension or something?   You can create a self signed certificate then import the cert into the browser, that would get rid of the errors. If its an actual domain name, you could use letsencrypt with dns verification and generate a free cert.
          blueocean_security_members BlueOcean Security made changes -
          Field Original Value New Value
          Resolution Won't Fix [ 2 ]
          Status Open [ 1 ] Closed [ 6 ]

          People

            halkeye Gavin Mogan
            saucistophe Christophe Carpentier
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: