In order to test the Hypothesis development on websites which:
- Are served over HTTPS
- Use Content Security Policy to restrict where scripts are loaded from
You will need to:
-
Build a browser extension using the development client.
- Follow the steps at https://github.com/hypothesis/browser-extension/blob/master/docs/building.md
- Note that in you will also need to register an OAuth client for your development browser extension
at http://localhost:5000/admin/oauthclients. Set the "Redirect URL" of the OAuth client to
chrome-extension://{id}
. The ID can be obtained from the info card for your development extension at thechrome://extensions
URL in Chrome.
-
Configure your browser to treat your local 'h' server as a secure origin (ie. pretend it is being served via HTTPS).
In Google Chrome you can do this using the
--unsafely-treat-insecure-origin-as-secure
flag. On macOS:-
Close Chrome if already running
-
Start Chrome from the command-line and add
--unsafely-treat-insecure-origin-as-secure=http://localhost:5000
as an argument. On macOS this looks like:/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --unsafely-treat-insecure-origin-as-secure=http://localhost:5000
-