Require https on start: some browser APIs are not available when the app is loaded via HTTP, it's better to fail fast.

2018-08-30 21:32:37 +02:00 · 2018-08-30 21:32:37 +02:00 · e889f5f5ba
parent 23477e1d2f
commit e889f5f5ba
3 changed files with 10 additions and 16 deletions
--- a/app/scripts/app.js
+++ b/app/scripts/app.js
@ -111,20 +111,15 @@ ready(() => {
        return Promise.resolve().then(() => {
            const skipHttpsWarning = localStorage.skipHttpsWarning || appModel.settings.get('skipHttpsWarning');
            const protocolIsInsecure = ['https:', 'file:', 'app:'].indexOf(location.protocol) < 0;
-            const hostIsInsecure = location.hostname !== 'localhost';
+            const hostIsInsecure = location.hostname !== 'localhost2';
            if (protocolIsInsecure && hostIsInsecure && !skipHttpsWarning) {
-                return new Promise(resolve => {
-                    Alerts.error({
-                        header: Locale.appSecWarn, icon: 'user-secret', esc: false, enter: false, click: false,
-                        body: Locale.appSecWarnBody1 + '<br/><br/>' + Locale.appSecWarnBody2,
-                        buttons: [
-                            {result: '', title: Locale.appSecWarnBtn, error: true}
-                        ],
-                        complete: () => {
-                            showView();
-                            resolve();
-                        }
-                    });
+                Alerts.error({
+                    header: Locale.appSecWarn, icon: 'user-secret', esc: false, enter: false, click: false,
+                    body: Locale.appSecWarnBody1,
+                    buttons: [],
+                    complete: () => {
+                        showView();
+                    }
                });
            } else {
                showView();
--- a/app/scripts/locales/base.json
+++ b/app/scripts/locales/base.json
@ -282,9 +282,7 @@
  "autoTypeNoMatches": "no matches",

  "appSecWarn": "Not Secure!",
-  "appSecWarnBody1": "You have loaded this app with an insecure connection. Someone may be watching you and stealing your passwords. We strongly advise you to stop, unless you clearly understand what you're doing.",
-  "appSecWarnBody2": "Yes, your database is encrypted but no one can guarantee that the app has not been modified on the way to you.",
-  "appSecWarnBtn": "I understand the risks, continue",
+  "appSecWarnBody1": "You have loaded this app with an insecure connection, please host it on HTTPS.",
  "appUnsavedWarn": "Unsaved changes!",
  "appUnsavedWarnBody": "You have unsaved files, if you close the app, changes will be lost.",
  "appDontExitBtn": "Don't exit",
--- a/release-notes.md
+++ b/release-notes.md
@ -5,6 +5,7 @@ Release notes
 `-` fixed calendar colors  
 `+` option to open a keyfile from command line  
 `+` master password confirmation  
+`*` https is now required  

 ##### v1.6.3 (2017-12-11)
 `-` fixed Windows installer upgrade issue