code-server icon indicating copy to clipboard operation
code-server copied to clipboard
verified publisher icon coder

Improve insecure domain notification

Open vsantalov opened this issue 4 years ago • 9 comments

When I try to access code-server over a local network I get an error message code-server is being accessed over an insecure domain I understand that the recommended method to expose the server is either SSH or reverse proxy. All these methods are an overkill if the server is always behind the same firewall as the client. There should be a way to acknowledge the message and dismiss it permanently. I did not notice any broken functionality despite the warning.

vsantalov avatar Aug 12 '21 20:08 vsantalov

I could be wrong here, but I believe code-server needs to be accessed over a secure domain in order for browsers to allow service workers and other features of code-server.

I did not notice any broken functionality despite the warning

Though you did say.

There should be a way to acknowledge the message and dismiss it permanently

I wonder if we add some custom functionality to code-server which lets check a box like "Don't show this again"

cc @code-asher thoughts?

jsjoeio avatar Aug 12 '21 21:08 jsjoeio

My main concern was that people will submit webview/copy/paste/etc issues that are caused by using an insecure domain but that's been happening anyway so maybe it won't matter if we make it dismissable.

Maybe we could consider adding something to the issue template that asks if code-server is being accessed over a secure domain or not.

Or, actually, I think the best solution would be to remove the notification and then when someone tries to use a feature that doesn't work without a secure domain we then pop up a notification explaining why it doesn't work (like when a user tries to copy or open a web view).

code-asher avatar Aug 13 '21 19:08 code-asher

When I try to access code-server over a local network I get an error message code-server is being accessed over an insecure domain I understand that the recommended method to expose the server is either SSH or reverse proxy. All these methods are an overkill if the server is always behind the same firewall as the client. There should be a way to acknowledge the message and dismiss it permanently. I did not notice any broken functionality despite the warning.

Alsabti5810 avatar Aug 21 '21 08:08 Alsabti5810

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.

stale[bot] avatar Feb 17 '22 08:02 stale[bot]

Please reopen this issue, its an annoying permant message.

RealKoenisch avatar Apr 05 '22 19:04 RealKoenisch

Are there any activities planned to avoid this behaviour, maybe in the settings?

RealKoenisch avatar Apr 28 '22 13:04 RealKoenisch

No plans at the moment but if someone wants to implement this we are definitely happy to merge:

I think the best solution would be to remove the notification and then when someone tries to use a feature that doesn't work without a secure domain we then pop up a notification explaining why it doesn't work.

I just tested and here is what I saw was broken (mostly just webviews but there might be other things I missed):

  • Paste
  • Extension details, markdown preview, images, parts of the getting started walkthrough, welcome pages from extensions like GitLens (all these are webviews)

code-asher avatar Apr 28 '22 16:04 code-asher

I'm just using this as a config editor so the message is an annoyance to me; every time I use it I have to close the dialog.

Would love a setting to turn it off.

den-mac avatar Nov 10 '23 13:11 den-mac

+1

carefulcomputer avatar Feb 05 '24 06:02 carefulcomputer