The context/environment is not secure #83
-
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 6 replies
-
Hi, @madtag! Any url that starts with Two quick ways to check if this is the issue:
To solve this issue, you probably need to host your website using TLS (HTTPS). Let us know if that wasn't your issue, and we'll have a look! |
Beta Was this translation helpful? Give feedback.
-
So I checked with window.isSecureContext and you are correct about http being unsecure and https and localhost being secure. This is the problem now. using http://localhost:3000 when I try to login I get a CORS error. If I use http://myIP:3000 I get the context error. If I run my application using HTTPS=true in .env file for both http://localhost:3000 and https://myIP:3000 i get the error below when trying to login |
Beta Was this translation helpful? Give feedback.
Hi, @madtag!
This error is thrown by pkceUtils.ts:24-30.
It can happen because of an outdated browser, but it's probably rather because you are trying to use it in an "unsecure context" where SubtleCrypto is disabled automatically by the browser (for security reasons). (MDN docs on
crypto.subtle
)Any url that starts with
http://
instead ofhttps://
(exceptlocalhost
, I think) are considered insecure automatically.Two quick ways to check if this is the issue:
http://
at the beginning (and the rest isn'tlocalhost
) - then that's your issue.