Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@robertknight

robertknight/using-dev-client-with-secure-websites.md

Last active March 5, 2018 13:56
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save robertknight/11e25a2a90625ee5106456eb7006fd76 to your computer and use it in GitHub Desktop.
Save robertknight/11e25a2a90625ee5106456eb7006fd76 to your computer and use it in GitHub Desktop.
Download ZIP
Using the Hypothesis development client on secure websites
Raw
using-dev-client-with-secure-websites.md

In order to test the Hypothesis development on websites which:

  1. Are served over HTTPS
  2. Use Content Security Policy to restrict where scripts are loaded from

You will need to:

  1. Build a browser extension using the development client.

    1. Follow the steps at https://github.com/hypothesis/browser-extension/blob/master/docs/building.md
    2. Note that in you will also need to register an OAuth client for your development browser extension at http://localhost:5000/admin/oauthclients. Set the "Redirect URL" of the OAuth client to chrome-extension://{id}. The ID can be obtained from the info card for your development extension at the chrome://extensions URL in Chrome.

  2. Configure your browser to treat your local 'h' server as a secure origin (ie. pretend it is being served via HTTPS).

    In Google Chrome you can do this using the --unsafely-treat-insecure-origin-as-secure flag. On macOS:

    1. Close Chrome if already running

    2. Start Chrome from the command-line and add --unsafely-treat-insecure-origin-as-secure=http://localhost:5000 as an argument. On macOS this looks like:

      /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --unsafely-treat-insecure-origin-as-secure=http://localhost:5000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment