Unsupported Flag unsafely-treat-insecure-origin-as-secure

[Muhammad Zubair]

Hi

https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins

Above link says that by using flag

unsafely-treat-insecure-origin-as-secure

we can test the features over http but I am getting the following message while using it.

You are using an unsupported command-line flag: --unsafely-treat-insecure-origin-as-secure. Stability and security will suffer.

PFA

--

Muhammad Zubair

Software Engineer

Mob. +92 345 9632 108

[Eric Lawrence]

Yes, this is expected. It means the flag is in use, but it notes that using the flag reduces your security. 

[Muhammad Zubair]

Hi

I used this flag but still getting error while using

navigator.getUserMedia(options, successCallbac, errorCallback);

It still triggers the errorCallback with the message Only secure origins are allowed

[Eric Lawrence]

The flag has no effect unless --user-data-dir is also supplied. Example: --unsafely-treat-insecure-origin-as-secure=http://a.test,http://b.test --user-data-dir=/test/only/profile/dir

[Joshua Watson]

I have the same issue with embedded content linked in the webpage. I'm using the following flags on chromeos:

--unsafely-treat-insecure-origin-as-secure=http://domain1,http://domain2,http://domain4,http://ip1,http://ip2
--user-data-dir=/home/chronos
--allow-running-insecure-content
--reduce-security-for-testing

Also, using a directory other than the default chronos directory results in a restart and frozen boot (I waited 2 hours to verify it was frozen).

[Emily Stark]

Hi -- can you please tell us what exact command-line options you are using when you run Chrome, and also what URL you are testing navigator.getUserMedia on?

Thanks,

Emily

[Emily Stark]

Can you please explain what you mean by "the same issue with embedded content linked in the webpage"? Are you trying to use getUserMedia as the previous poster was, or are you trying to load insecure scripts in a secure page? Do you have an example webpage that we could look at that illustrates the problem?

Thanks,

Emily

--
You received this message because you are subscribed to the Google Groups "Security-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev+unsubscribe@chromium.org.

[jo...@joshwatson.net]

Thanks for your response Emily. I am shamefully piggybacking this post; I am trying to run insecure scripts on an insecure page. No matter what combination of exceptions I use, I could not get the microphone and the camera to work via flash. Despite the unsafely-treat-insecure-origin-as-secure flag being active for the api origin, I was still receiving an error similar to "microphone and camera are no longer allowed on insecure origins".

Strangely, this issue stopped occurring about 12 hours ago with no changes on my end, and no changes to the code of the webpage. Perhaps it was just a driver issue?

> To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.

[eka...@gmail.com]

Not working for me same issue.

--unsafely-treat-insecure-origin-as-secure

[ศิรรักษ์ เดล]

I've faced  this, how to fix?

ในวันที่ วันจันทร์ที่ 5 พฤศจิกายน ค.ศ. 2018 เวลา 18 นาฬิกา 45 นาที 59 วินาที UTC+7 eka...@gmail.com เขียนว่า:

[Derek Lafontaine]

I get this message everytime I use chrome and want to know how to fix it....Can someone please help me