Mastodawn

Do you want to put a web page on a .local address to do something cool for your household or club? Here's the list of browser features that browser vendors have decided you're just not fuckin' allowed to use. https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Secure_Contexts/features_restricted_to_secure_contexts

Some random site halfway around the world, served over https with a robo-verified certificate, is allowed, though, so take some comfort in that.

Features restricted to secure contexts - Security | MDN

This reference lists the web platform features available only in secure contexts — see Secure Contexts for a definition and more details.

MDN Web Docs

Show thread

Owen May 8

There's a discussion thread about allowing RFC 1918 addresses and their ip6 equivalents to participate in secure contexts at https://github.com/w3c/webappsec-secure-contexts/issues/60 . It is _eight years_ old without resolution.

I can't find any discussion at all on allowing the user to designate certain origins as secure contexts. Maybe that's a thing for some browsers.

Using secure-context gated features with local devices · Issue #60 · w3c/webappsec-secure-contexts

As proposed here which is continuing on from w3ctag/design-principles#75: It should be possible for people to create devices that are located on home networks that use modern browser features. One ...

GitHub

Show thread

Owen May 8

The recommendation in that thread is to run a private CA for your LAN. Anyone who has experience doing that outside of a managed (i.e., corporate) network will tell you how hilariously useless that advice is.

Show thread

Jima

@owen @becomethewaifu Sir, I have experience doing that *inside* of a managed (i.e., corporate) network, and I'll +1 your "how hilariously useless that advice is" point.