> > Hi Cory, > > > On 01/29/2017 04:38 PM, Cory Schwartz wrote: > > Hi, > > > > I noticed on the example page > > https://www.spice-space.org/spice-html5/spice.html > > that you are unable to connect to a websocket where SSL is not > > implemented. The reason for this is that the original site redirects > > to https and the websocet is ws:// not wss://. One is greeted with an > > error which states the operation is insecure and it does not attempt > > the connection. I haven't tested whether this is true of all web > > browsers, I think given this is just an example page it's reasonable > > in this case to permit HTTP and HTTPS so develpers are not required to > > add SSL to the projects they are developing at early stages. > The page was updated by Pavel connecting using wss:// instead of ws:// > I've just tried this page in Firefox, and I see the error you are > getting. Arguably, the right solution is to mirror the logic in > spice_auto.html and make the connection be wss:// in this case, not ws://. > > With that said, the example page is really not intended as anything more > than a taste, and the spice.html file itself is meant as a starting > template. You should feel free to download and host it yourself and > tweak it to your hearts content. > > I don't host spice-space.org, but I think the web as a whole is moving > towards https, not away, so I suspect you'd find strong, and > justifiable, resistance to hosting this page as http://. > > I'll see about getting a patch to auto select wss://, along with a > corresponding note that folks will need to have a websockify running > with ssl support, to the template page. > > Cheers, > > Jeremy > > > > > I am sure there is legitimate disagreement to this position, > > especially now that encryption keys are cheaper and more prevalent > > than ever, but this is a testing page so tests should be reducible to > > the simplest possible level. > > Perhaps a message could be included if you are not using HTTPS that > > all traffic is not encrypted and susceptible to interception from > > attacks, but users can use at their own risk. > > In fact, I would see this a greater testing page if http and https > > could be selected and tested independently. Frediano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel