
How to run app on HTTPS

Open dejanakadex opened this issue 4 years ago • 4 comments

I am creating an app on Blazor server side with .NET Core 5. When I start, my Electron app is running on http://localhost:. I know that I can set the port by setting the 'aspCoreBackendPort' prop. How can I set https? In my app I am using a payment service which requires me to enter the allowed origin on their side, but they do not accept http, only https. How to fix this?

dejanakadex avatar Oct 28 '21 14:10 dejanakadex

We're having similar issues, enabling https works for local development, but breaks on user machines due to needing self signed certs.

Potentially a change to allow more configuration in here? Not sure how we'd get easy https on other computers though. https://github.com/ElectronNET/Electron.NET/blob/30941df39c49f82720011c2444f4af4cbd7b8569/ElectronNET.API/WebHostBuilderExtensions.cs#L19-L56

HaydnDias avatar Nov 09 '21 14:11 HaydnDias

> We're having similar issues, enabling https works for local development, but breaks on user machines due to needing self signed certs.
>
> Potentially a change to allow more configuration in here? Not sure how we'd get easy https on other computers though.
>
> https://github.com/ElectronNET/Electron.NET/blob/30941df39c49f82720011c2444f4af4cbd7b8569/ElectronNET.API/WebHostBuilderExtensions.cs#L19-L56

Can you please share with me how you did it locally? This would help me a lot.

dejanakadex avatar Nov 09 '21 22:11 dejanakadex

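```csharp
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>()
        .UseKestrel(options =>
        {
            // Raise the request body limit to 256 MiB.
            options.Limits.MaxRequestBodySize = 268435456;
        })
        .UseElectron(args)
        // Bind the backend to HTTPS on a fixed local port; Kestrel needs a
        // certificate for this (the ASP.NET Core dev cert on a dev machine).
        .UseUrls("https://localhost:11811");
```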

I just set the UseUrls in the application, seemed to do it, only worked on dev machine with certs created as per https://docs.microsoft.com/en-us/dotnet/core/additional-tools/self-signed-certificates-guide.

However, deploying it to standard user machines broke this, and as we can't guarantee access to elevated permissions, this wasn't a solution for us.

There's a good chance you'll have to use a hosted web proxy to use https, unless you're able to add self-signed certs to the system you're deploying to.

HaydnDias avatar Nov 10 '21 12:11 HaydnDias

In our Electron app we wanted to "secure" the internal traffic with its ASP.NET Core backend, but installing a valid ssl cert from a trusted CA was not an option for us because we would need to distribute the certificate, plus we would need a certificate issued for every machine where the application is installed.

Self-signed cert was the only option, but we did not want to trust that cert, instead we just want the Electron app to ignore certificate errors for local requests either to localhost or 127.0.0.1.

I just posted the pull request https://github.com/ElectronNET/Electron.NET/pull/626 with the change to bypass certificate errors. So, by adding the corresponding setting in the electron.manifest.json file, the developer can decide if he/she wants to bypass all cert errors for all requests, or bypass only cert errors for a given list of domain names, i.e. localhost or 127.0.0.1.

The native electron framework supports ignoring cert errors as documented here. With my proposed changes I am just exposing that feature to Electron.NET as well.

javierlarota avatar Nov 26 '21 22:11 javierlarota

@javierlarota did you build your own package, or how do you use it? Because the official last release is before your change... I cannot ignore the cert errors currently.. Any help? Thx

damikun avatar Nov 03 '22 20:11 damikun

I currently ended up building main from ElectronNet myself with all recent changes...

damikun avatar Nov 04 '22 11:11 damikun

🎉🚀 New Electron.NET version 23.6.1 released 🚀🎉

With native Electron 23 and .NET 6 support. Your problem should be fixed here. If you continue to have the problem, please let us know. Please note the correct updating of your API & CLI. Info in the README. Have fun!

GregorBiswanger avatar Mar 28 '23 15:03 GregorBiswanger

Hi @GregorBiswanger, I think there is some need to support https and stuff around it...

Backend on https without options to use https is hardcoded..

Look at main.js in Electron HOST..

loadURL = `http://localhost:${aspCoreBackendPort}`

When the backend uses strict HTTPS, the load URL is then incorrect...

Also needs to provide a way to dynamically append these args...

```js
app.commandLine.appendSwitch('ignore-certificate-errors');
app.commandLine.appendSwitch('allow-insecure-localhost', 'true');
```

damikun avatar Mar 28 '23 16:03 damikun
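
An added example (not from the thread and not Electron.NET's own code) of the narrower alternative to the global switches discussed above: Electron's `certificate-error` event is used to accept a certificate only when the request goes to the local backend port and the certificate matches a pinned fingerprint. The function names and `PINNED_FINGERPRINT` are hypothetical, and port 11811 in the usage comment is the one from the `UseUrls` snippet earlier in the thread.

```javascript
// Added example: scope the certificate bypass to the bundled backend only.
// PINNED_FINGERPRINT is a placeholder; replace it with the fingerprint of the
// self-signed certificate your backend actually presents.
const PINNED_FINGERPRINT = 'sha256/REPLACE_WITH_BACKEND_CERT_FINGERPRINT';
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1']);
const TLS_SCHEMES = new Set(['https:', 'wss:']); // TLS schemes accepted for the backend

// Pure decision function: true only for a TLS URL on a loopback host and the
// backend port, presenting exactly the pinned certificate.
function shouldTrustCertificate(url, fingerprint, backendPort, pinned = PINNED_FINGERPRINT) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparsable URL: keep Chromium's rejection
  }
  if (!TLS_SCHEMES.has(parsed.protocol)) return false;
  if (!LOOPBACK_HOSTS.has(parsed.hostname)) return false; // exact match, not a prefix
  if (parsed.port !== String(backendPort)) return false;
  return typeof fingerprint === 'string' && fingerprint === pinned;
}

// Wire the check into the main process. `app` is Electron's app object,
// passed in so this file has no hard dependency on the electron module.
function installLoopbackCertHandler(app, backendPort, pinned = PINNED_FINGERPRINT) {
  app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
    const trusted = shouldTrustCertificate(
      url, certificate && certificate.fingerprint, backendPort, pinned);
    if (trusted) event.preventDefault(); // override only for the pinned backend cert
    callback(trusted); // every other certificate error stays fatal
  });
}

// Usage in main.js (before any window loads the backend URL):
//   const { app } = require('electron');
//   installLoopbackCertHandler(app, 11811);
```

Unlike `ignore-certificate-errors`, this leaves certificate validation intact for every remote origin the app talks to, such as a payment provider.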

An HTTPS certificate on a local device via desktop application is inherently insecure. Locally you can always listen in between without any problems. To do this, the certificate would also have to be installed locally. With ASP.NET Core, a developer certificate is installed by default, which is limited. Additional support for this would be pointless.

GregorBiswanger avatar Mar 28 '23 18:03 GregorBiswanger

> An HTTPS certificate on a local device via desktop application is inherently insecure. Locally you can always listen in between without any problems. To do this, the certificate would also have to be installed locally. With ASP.NET Core, a developer certificate is installed by default, which is limited. Additional support for this would be pointless.

You can install a self-signed dummy certificate with the backend inside Electron... and ignore cert errors..

The reason is for example modules that require https by default..

My app for example contains an ID server (part of backend) and this uses https-only cookies by default, so without https support I'm not able to use it... (hardcoded requirement in external lib)

The app is electronised, but can also run as standard web service (the sources)

I mean standalone Electron allows you to ignore (set these flags) errors..

damikun avatar Mar 28 '23 18:03 damikun