Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Using the Hypothesis development client on secure websites

In order to test the Hypothesis development on websites which:

  1. Are served over HTTPS
  2. Use Content Security Policy to restrict where scripts are loaded from

You will need to:

  1. Build a browser extension using the development client.

    1. Follow the steps at
    2. Note that in you will also need to register an OAuth client for your development browser extension at http://localhost:5000/admin/oauthclients. Set the "Redirect URL" of the OAuth client to chrome-extension://{id}. The ID can be obtained from the info card for your development extension at the chrome://extensions URL in Chrome.
  2. Configure your browser to treat your local 'h' server as a secure origin (ie. pretend it is being served via HTTPS).

    In Google Chrome you can do this using the --unsafely-treat-insecure-origin-as-secure flag. On macOS:

    1. Close Chrome if already running

    2. Start Chrome from the command-line and add --unsafely-treat-insecure-origin-as-secure=http://localhost:5000 as an argument. On macOS this looks like:

      /Applications/Google\\ Chrome --unsafely-treat-insecure-origin-as-secure=http://localhost:5000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.