Feedback: Using insecure HTTPS

[abhilash-behera]

• Open page

Feedback

I am using chrome on android simulator and trying to open a remote site which does have ssl certificates but the android chrome browser is tagging it as insecure. Because of this reason it's not loading the service-worker.js file from this site. I followed the steps mentioned in this article and enabled the unsafely-treat-insecure-origin-as-secure flag and added the domain along with the protocol. But even after all these steps, it still flags this site as insecure.

Does this approach work only for localhost and not for remote URLs?

[kettanaito]

Hi, @abhilash-behera. Can you please tell me more about your use case?

Is it a remote site you own? I'm trying to understand why you'd want to (1) open a remote site; (2) why it has a certificate but still gets treated as insecure; this suggests issues with the certificate that site should resolve, in the first place.

[abhilash-behera]

Hi, thanks for responding. Here are the answers to your questions.

1. The remote site is a sandbox used for previewing our web app.
2. It has a self generated certificate which is not trusted by the browser.

• The same site opens up without any certificate warnings on chrome and safari desktop.
• If I have to fix the certificate issues to resolve the warning, then what is the point in enabling the --unsafely-treat-insecure-origin-as-secure flag?