Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BrowserSync should run with https by default since mobile web browser… #29

Closed
wants to merge 1 commit into from

Conversation

s-avni
Copy link

@s-avni s-avni commented Jan 8, 2017

…s won't share location information otherwise

Please see: https://browsersync.io/docs/options
Browsersync supplies a self-signed certificate for development - https://wearejh.com/development/https-support-added-browsersync/

…s won't share location information otherwise
@VehpuS
Copy link

VehpuS commented Jan 8, 2017

For more details on why this is necessary (at this stage only for mobile but I imagine destops might require it at some point as well): https://mobiforge.com/news-comment/no-https-then-bye-bye-geolocation-in-chrome-50. We experienced this issue in Safari and Firefox on IOS and Chrome on Android.

@fabrik42
Copy link
Member

fabrik42 commented Jan 9, 2017

Hi!

Thank you for the PR! You are right, the Geolocation API is only available in a secure context, even on Desktop Chrome. But this includes localhost, where you don't need a https connection to be considered secure.

I understand that this is a problem, when you serve the demo page from a local dev environment and you want to use it on a mobile client.

It's great that browserSync offers this option, but I don't want to enable it by default. It uses a self signed certificate, this means, the very first time a user runs ffwdme's gulp command, it will open a browser and present him with an error page (insecure certificate). This is not a great dev experience.

However, I think you are completely right that this is a problem and should be handled somehow. But I would prefer to add this information to the docs and maybe as a commented-out option in the browserSync config file. This way users have to opt-in into https, but won't be surprised if the first thing they see from ffwdme is a chrome security warning.

I hope this makes sense to you!

Best,
Christian

@fabrik42
Copy link
Member

Hi! I just added your hint to the readme, so it can help other people having the same problem.

Thanks again for pointing this out!

Best,
Christian

@fabrik42 fabrik42 closed this Jan 30, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants