Can we make secure context optional?
55 views
Skip to first unread message
lu xiansheng
Feb 6, 2024, 9:56:57 PMFeb 6
to noVNC
On the release page, we can see
- Secure context (https) is now required
Now, only some functions require secure context. I understand there will be some functions also requiring secure context in the future.
But can we update the document to indicate that those functions need secure context to work instead of announcing directly that secure context is a must for VNC?
I do know that maybe there are 98% of public VNC websites using secure context. However many intranet websites are not using secure context which may never need. Are we going to drop the support for them also?
Pierre Ossman
Feb 7, 2024, 4:45:12 AMFeb 7
to no...@googlegroups.com, lu xiansheng
On 07/02/2024 03:56, lu xiansheng wrote:
>
> I do know that maybe there are 98% of public VNC websites using secure
> context. However many intranet websites are not using secure context which
> may never need. Are we going to drop the support for them also?
>
Yes. Or strictly speaking, the browsers are, and we're tagging along.
>
> I do know that maybe there are 98% of public VNC websites using secure
> context. However many intranet websites are not using secure context which
> may never need. Are we going to drop the support for them also?
>
Secure context is simply a requirement for the modern web. As much of a
hassle that may be for intranet servers, they will need to adjust to
this eventually.
Regards
--
Pierre Ossman Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Kurt Fitzner
Feb 29, 2024, 1:35:43 PMFeb 29
to noVNC
>
As much of a hassle that may be
This is less of a hassle and more of an implementation-breaking event for some. This precludes the ability to use it over forwarded SSH sockets, which for some (raises hand) is the only way it can be implemented.
> Or strictly speaking, the browsers are...
Not noVNC's issue. There will always be browsers that support vanilla http, and leaving it as an exercise for the user to find the right browser for the job is perfectly appropriate. Using the fact that some browsers may deprecate vanilla http as a reason to...
> ...and we're tagging along.
... seems to me to be letting the tail wag the dog.
I don't know how much of a minority I am in, but I suspect that there are a lot more behind-the-scenes use cases for doing things the way I am than gets advertised.
Reply all
Reply to author
Forward
0 new messages