Issue metadata
Sign in to add a comment
|
Crypto.subtle is missing for localhost TLD
Reported by
jferl...@gmail.com,
Jun 10 2017
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.20 Safari/537.36 Steps to reproduce the problem: 1. Create a web page hosted on your local machine with the content document.write(window.crypto.subtle) 2. Load this using the following URLs * http://127.0.0.1 * http://localhost * http://dev/localhost What is the expected behavior? Expect all the URLs to return a page with [object SubtleCrypto] What went wrong? The last page returns undefined It looks like there is some sort of different treatment with the localhost TLD with respect to the crypto library. Did this work before? Yes I know it works in 58.0.3029.110 and doesn't in 60.0.3112.20 Does this work in other browsers? Yes Chrome version: 60.0.3112.20 Channel: dev OS Version: Ubuntu 16.04 Flash Version:
,
Jun 12 2017
In my example though I'm seeing different behaviour from * http://127.0.0.1 - crypto.subtle exists * http://localhost - crypto.sublte exists * http://dev.localhost - crypto.subtle DOES NOT exist This seems inconsistent. If I use https then crypto.subtle works for all three. I assume 127.0.0.1 and localhost are a special case and crypto.subtle is allowed even over HTTP, so should *.localhost be allowed as well given the way it works on chrome?
,
Jun 12 2017
Please note the typo in the original bug report and re-assess.
,
Jun 12 2017
No. It is not expected to work. https://w3c.github.io/webappsec-secure-contexts/#localhost
,
Jun 12 2017
Should I file a new bug to make crypto not work on all localhost variants? |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by rsleevi@chromium.org
, Jun 11 2017