Seaside and HTTPS (for testing locally)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Seaside and HTTPS (for testing locally)

Torsten Bergmann
Today web development for mobile devices is very common. So one possible scenario is to
develop with Seaside on a computer and checking the result page directly with a browser
on the phone in the same network.

This works perfectly in a quick and simple setup (with seaside running on port 80).
One just opens the IP address of the developer computer to access the seaside page
over HTTP and can check how it looks on mobile.

But in recent times Google is pushing to get all website using their APIs to move from HTTP
to the HTTPS protocol. So for same client side browser APIs (for instance for geolocation)
the mobile chrome on Android mobile devices now returns "Only secure origins are allowed".

So such functionaliy is only allowed in the client browser when the server is on a secure
HTTPS connections. While this makes sense for production setups one usually does not have a
local HTTPS connection out of the box with Seaside when testing and developing an application.

What is the best way and most easy Way to locally serve Seaside with HTTPS for testing?
How to set this up? What do people use?

Thanks
T.

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside and HTTPS (for testing locally)

johnmci

On Thu, Jun 29, 2017 at 5:01 PM, Torsten Bergmann <[hidden email]> wrote:
Today web development for mobile devices is very common. So one possible scenario is to
develop with Seaside on a computer and checking the result page directly with a browser
on the phone in the same network.

This works perfectly in a quick and simple setup (with seaside running on port 80).
One just opens the IP address of the developer computer to access the seaside page
over HTTP and can check how it looks on mobile.

But in recent times Google is pushing to get all website using their APIs to move from HTTP
to the HTTPS protocol. So for same client side browser APIs (for instance for geolocation)
the mobile chrome on Android mobile devices now returns "Only secure origins are allowed".

So such functionaliy is only allowed in the client browser when the server is on a secure
HTTPS connections. While this makes sense for production setups one usually does not have a
local HTTPS connection out of the box with Seaside when testing and developing an application.

What is the best way and most easy Way to locally serve Seaside with HTTPS for testing?
How to set this up? What do people use?

Thanks
T.

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside



--
===========================================================================
John M. McIntosh. Corporate Smalltalk Consulting LtdĀ https://www.linkedin.com/in/smalltalk
===========================================================================

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Seaside and HTTPS (for testing locally)

Jerry Kott-3
Or you can use SiouX/Seaside on VW8.2. It has an HTTPS server, and you can generate your own SSL certificates too. Recently browsers started blocking self-signed certificates though, so you may have a bit of work with setting up browser exceptions and/or creating your own root certificate and importing it into the browser. Neither is considered a best practice for a production system but for testing it should work.

Jerry Kott
This message has been digitally signed. 
PGP Fingerprint:
A9181736DD2F1B6CC7CF9E51AC8514F48C0979A5



On 29-06-2017, at 5:16 PM, John McIntosh <[hidden email]> wrote:


On Thu, Jun 29, 2017 at 5:01 PM, Torsten Bergmann <[hidden email]> wrote:
Today web development for mobile devices is very common. So one possible scenario is to
develop with Seaside on a computer and checking the result page directly with a browser
on the phone in the same network.

This works perfectly in a quick and simple setup (with seaside running on port 80).
One just opens the IP address of the developer computer to access the seaside page
over HTTP and can check how it looks on mobile.

But in recent times Google is pushing to get all website using their APIs to move from HTTP
to the HTTPS protocol. So for same client side browser APIs (for instance for geolocation)
the mobile chrome on Android mobile devices now returns "Only secure origins are allowed".

So such functionaliy is only allowed in the client browser when the server is on a secure
HTTPS connections. While this makes sense for production setups one usually does not have a
local HTTPS connection out of the box with Seaside when testing and developing an application.

What is the best way and most easy Way to locally serve Seaside with HTTPS for testing?
How to set this up? What do people use?

Thanks
T.

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside



--
===========================================================================
John M. McIntosh. Corporate Smalltalk Consulting Ltd https://www.linkedin.com/in/smalltalk
===========================================================================
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside


_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

signature.asc (859 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Seaside and HTTPS (for testing locally)

Paul DeBruicker
In reply to this post by Torsten Bergmann
On linux or mac, for development, and if you don't want to redirect through nginx or apache, you can make a self signed cert:


https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04

And make a subclass of ZnZincServerAdaptor with #defaultZnServer overridden like so:


ZnZincSecureServerAdaptor>>defaultZnServer
   ^(ZnSecureServer on: self port)
        certificate: '/home/sven/ssl/key-cert.pem';
        logToTranscript;
        yourself.


And then start it with:


        | adaptor server |
        adaptor := ZnZincServerAdaptor startOn: 8080.
        server := adaptor default server.
        server
                register;
                debugMode: true.



And report back if it fails as I haven't tested the above but it should work. YMMV etc etc etc





Torsten Bergmann wrote
Today web development for mobile devices is very common. So one possible scenario is to
develop with Seaside on a computer and checking the result page directly with a browser
on the phone in the same network.

This works perfectly in a quick and simple setup (with seaside running on port 80).
One just opens the IP address of the developer computer to access the seaside page
over HTTP and can check how it looks on mobile.

But in recent times Google is pushing to get all website using their APIs to move from HTTP
to the HTTPS protocol. So for same client side browser APIs (for instance for geolocation)
the mobile chrome on Android mobile devices now returns "Only secure origins are allowed".

So such functionaliy is only allowed in the client browser when the server is on a secure
HTTPS connections. While this makes sense for production setups one usually does not have a
local HTTPS connection out of the box with Seaside when testing and developing an application.

What is the best way and most easy Way to locally serve Seaside with HTTPS for testing?
How to set this up? What do people use?

Thanks
T.

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside