https needed for certain feature in chrome - google-chrome

There's a recent update in Google Chrome's security in which they don't allow using the geolocation and accessing webcam when the site is not 'https'.
Is there a way to disable this for local IP addresses? We're only using it in out intranet so there's no way to put https in it.
Hope somebody can help me
Thanks

It only works on localhost, but not on the internal network.
The best I can suggest is to install a local page on each user's localhost. The page, when loaded, would store the user's location, record it in memory, then call an endpoint on your local network to transmit the data.

Related

Browser says "Camera Blocked to protect your privacy"

Browser says "Camera Blocked to protect your privacy"
My project include using user camera and when i access application from localhost camera works fine but when accessing through ipaddress, the browser by default blocks the camera and other resource.. how can i allow them for my application.
My application is for an organization who will be accessing the application using ipaddress.
Thank you for reading and your help. :)
type url chrome://flags/#unsafely-treat-insecure-origin-as-secure
Enter url in the textarea
Choose Enabled in the select option
Click image link bellow to see detail
example
Chrome blocks vulnerable features—including camera, location, microphone, etc. on non-secure sites. As of July 2018, with the release of Chrome 68, Chrome starts to mark all HTTP sites as "not secure."
You have three options to unblock these features for your site:
Treat 192.168.10.79 as secure origins by setting chrome://flags/#unsafely-treat-insecure-origin-as-secure. Origins must have their protocol specified, e.g., http://192.168.10.79.
Port forwarding your site address to localhost. Chrome treats localhost as secure origins.
Set up a self-signed certificate for the server.
The problem is because of http protocol. This is not a secure protocol.
Solution
In my scenario I have used https and have got all permissions.

getUserMedia() without SSL for local storage

In my website I need to record audio from the microphone and then replay it.
I do not need to send those files to the server, they can remain on the client.
Currently I'm successfully using flash for that, but I would like to switch to html5 and getUserMedia().
I'm aware that I normally need SSL for using getUserMedia() (except from localhost use), but I'm wondering if there is some sort of exemption if I don't want the data to be uploaded (and thus there should be no security issues in using it).
There's no exemption. Having one would require running your script in some sort of local sandbox with separate local storage and no networking. Does not exist.
Only Google Chrome enforces this https requirement by the way. Other browsers do not.
Getting a free certificate is easy.

Is there any way to use http as redirect url for Box API?

I have created an application from Box developer account, but I couldn't able to set the redirect url as http. I have seen that Box API supports only https. As I hosted my web application as a module of another web application, I cannot change it's protocol to https. So is there any way to set the redirect url to http?
Please find me a solution for this.
Thanks in Advance.
Since the redirect URL is used to send you your application OAuth2 tokens, You are essentially asking Box to send you confidential information in the clear. It's just not a good idea, since anyone that installs a network sniffer anywhere between you and Box can just sniff those tokens and start using them.
If you don't have the ability to ask your server hardware or hosting web application for an encrypted connection, it's probably time to upgrade your service provider or web app.

register/add host to chrome remote desktop extension host list using CRD API

I've installed chrome remote desktop extension for desktop sharing.
https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en-US&utm_source=chrome-ntp-launcher
Im very impressed. Its fast and easy.
There's an option to add your computer to My Computers list by Enabling remote connection. The computers in the lists are also called hosts, Google has also provide an API to add/update/list/delete the hosts. https://developers.google.com/chrome/remote-desktop/v1/reference/hosts/insert
Now my question is; has anyone able to add host/computer to host lists using the Google Chrome Remote Desktop API? If yes, can you help me out with this.
Please let me know if you need more explanation.
Done it myself. I've used the php CURL for sending the host insert request. API only supports json content-type so you need to send data in json format.

HTML href link to local ip camera web server

I have a website running on a NAS server and I also have a ip camera on my network. I can configure port forwarding on my router to forward http requests to either my nas website (192.168.1.64) or ip camera (192.168.1.200) from the internet. I have configured both independently and was able to access from internet. However, I only have one IP address so I have configured port forwarding on my router to forward http requests ( port 80) to the web site on my NAS where I have provided a hyperlink on the default html page to the IP camera (href=http://192.168.1.200/....html). From home the link works because the internet browser is running on a computer on my network. But browsing from a computer ouside of my router ( the internet) the link does not work. The browser is attempting to communicate with ip address 192.168.1.200 which do not exist on the internet. How can I link to the ip camera website from a html page on my NAS website behind the router. I hope I have explained this in enough detail for you to understand.
You can't, plain and simple. This is because you can never get your browser to connect the device that does not have the port forward directly, therefore you can never load a page directly from that device to your browser, however you try and work it.
When I refer to "the other device" in this is answer, I am referring to whichever one does NOT have the port opened through the router to it.
Setting aside the security problems you are creating by doing this that frankly, horrify me, you have two options:
Set up a port redirect on your router to the other device, so that a different public port is redirected to port 80 internally. This would mean you could access both devices directly across the internet. Not all routers support this (albeit fairly basic) functionality.
Set up some form of proxy script that will fetch the page from the other device and display it on a page (in an iframe maybe?) on the device that does have a port forward. This will probably require a third web server inside your network, since it is unlikely either the NAS or the camera will support any form of scripting language.
I do not recommend either of these options, but that is what you are left with.
You are creating a huge hole in your network security by doing this. Only do it if you 100% trust the fact the neither device could under any circumstances be hacked into. Are you that confident in some software you didn't write - or even some you did?