From 0935f2d23aebccf3bb1bdd7974189dde4c8fc2bc Mon Sep 17 00:00:00 2001 From: Eric Eastwood Date: Fri, 25 Feb 2022 01:59:48 -0600 Subject: [PATCH] Only try to use window.crypto.subtle in secure contexts to avoid it throwing and stopping all JavaScript Relevant error if you crypto is used in a non-secure context like a local LAN IP `http://192.168.1.151:3050/` ``` Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'deriveBits') at new Crypto at new Platform at mountHydrogen ``` For my use-case with https://github.com/matrix-org/matrix-public-archive, I don't need crypto/encryption at all. Docs: - https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts - https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle - "Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers." --- Related to https://github.com/vector-im/hydrogen-web/issues/579 --- src/platform/web/Platform.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/platform/web/Platform.js b/src/platform/web/Platform.js index 9de3d4ce..b6fdfae5 100644 --- a/src/platform/web/Platform.js +++ b/src/platform/web/Platform.js @@ -143,7 +143,10 @@ export class Platform { this._serviceWorkerHandler.registerAndStart(assetPaths.serviceWorker); } this.notificationService = new NotificationService(this._serviceWorkerHandler, config.push); - this.crypto = new Crypto(cryptoExtras); + // `window.crypto.subtle` is only available in a secure context + if(window.isSecureContext) { + this.crypto = new Crypto(cryptoExtras); + } this.storageFactory = new StorageFactory(this._serviceWorkerHandler); this.sessionInfoStorage = new SessionInfoStorage("hydrogen_sessions_v1"); this.estimateStorageUsage = estimateStorageUsage;