Go-ethereum: Connecting a HTTPS WebAPP to Ethereum
I'm really really excited on how web3.js and Ethereum JSON RPC can change the web forever and I will start using to spread it to the world.
I will be glad to know how I could make the communication with Ethereum client. It's because my application are served in SSL (https://www.harlan.com.br/) and the Ethereum runs locally without SSL. Did you guys pretend spread Ethereum only at Mist? Good luck with that! Will be a way more simple if the web application ask for permission on SSL SOCKET like https://local.ethereum.org:8489/ witch resolves at 127.0.0.1. It is on ROADMAP? How could I help? Where I can find the things I need to change in the source?
http://code.google.com/p/google-web-toolkit-doc-1-5/wiki/FAQ_SOP
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
Someone against that?
https://github.com/aaw/maybe_tls
https://github.com/ethereum/go-ethereum/blob/465e810c66ccee49410ea34d08102a82ce7b48a5/rpc/comms/http.go#L176
Best regards,
Lucas Fernando Amorim.
lfamorim
All 6 comments
For this to work, it requires the user to be running a local node configured to serve RPC requests locally, which is targeted at developers and unlikely to be a common case in the future. Instead, solutions like browser plugins or MetaMask will likely be adopted, in addition to Mist and invariants running on multiple OSs.
What use-case do you see for Geth supporting TLS over HTTP?
tgerring
on 17 Jan 2016
I think the reason is simply to work around browser security policies. Chrome for example refuses to execute HTTP AJAX calls if the page itself was loaded over HTTPS. Still though I don't think interfacing a webpage directly with a locally running node is a good thing, neither can I imagine users allowing it, so I don't think this is really something we should be investing time in.
karalabe
on 1 Feb 2016
@karalabe is smart. Ethereum clearly needs to use something more secure like TLS for communication. The best current option is to set up a dumby server that just takes HTTPS requests and relays them to a localhost Ethereum server.
ButterinUpTheButtHole
on 30 Mar 2016
Yes, for my app, I need to communicate with a geth client installed on a server (I sign the transactions locally in the browser before sending, but I can't connect because of the browser policy…)
Now it doesn't work, but https://etherchain.org/api/web3/ used to serve a web3 API over https.
I think I will run a dumb proxy https server for the moment.
louisabraham
on 19 Nov 2016
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 5 Mar 2018
I have already setup wss using nginx ,so it really works
dylanpoe
on 29 Dec 2018
Related issues
tymat
·
3Comments
carver
·
3Comments
ysqi
·
3Comments
VenusHu
·
3Comments
VoR0220
·
3Comments
Most helpful comment
I think the reason is simply to work around browser security policies. Chrome for example refuses to execute HTTP AJAX calls if the page itself was loaded over HTTPS. Still though I don't think interfacing a webpage directly with a locally running node is a good thing, neither can I imagine users allowing it, so I don't think this is really something we should be investing time in.