​Failed to upload image! crypto.subtle is undefined about affine HOT 14 CLOSED

toeverything/blocksuite#6454

I tried to use pure js to implement sha256, which should allow affine to run normally in the http.

from affine.

I got the same Problem. I asked it in the Q&A Section because i was not sure if it's a bug.
#6045 (comment)
If i use Firefox i got the same failure

from affine.

It's because you are not serving self-host AFFiNE Cloud under HTTPS (Secure Context).
https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle
https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
Many features of browsers are disabled.
CC @EYHN

from affine.

Will this become possible? As we run our entire intranet of services with only IPs and HTTP using VPNs. Pretty much no service have an issue with the lack of HTTPS. Seems like it should be possible to disable the crypto related operations and make it work on http.

Wouldn't this also be an issue in development, which usually runs on localhost HTTP?

from affine.

No, it won't.
According to the documentation, locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.
Ref: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

from affine.

Sad to hear that it won't be possible. Running over HTTP is pretty common among self-hosters and will alienate many potential users.

from affine.

We are considering shipping the self-host version with self-signed CA support in the future.

For other self-host applications, most logics are served by the server, the web page is only served as an input interface.
But for editors, things are not the same as many features are implemented in the browser side.
Some of these features need APIs that are provided by the browser in the secure context.
It is the browser who restricts you from using this feature, not us.

from affine.

I think we only used sha256, which is not difficult to implement with js, if the browser does not provide encryption API, we can use pure js to implement it.

from affine.

I tried to enable https：AFFINE_SERVER_HTTPS=true

but got the following error when accessing it with https.:
SSL received a record exceeding the maximum allowed length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG

How can I set it to https?

from affine.

I tried to enable https：AFFINE_SERVER_HTTPS=true

but got the following error when accessing it with https.: SSL received a record exceeding the maximum allowed length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

How can I set it to https?

The AFFINE_SERVER_HTTPS flag in the affine server just change some of the URLs provided by affine to https.

The https traffic needs to be provided by reverse proxy server such as nginx or caddy.

If you have a domain, you can refer to this document from caddy to configure out-of-the-box https support: https://caddyserver.com/docs/automatic-https

Another way to enable https is to use tailscale, which can help you connect to your server privately under any network. For how to enable https, please refer here: https://tailscale.com/kb/1153/enabling-https

from affine.

Ok the hint with https (secure context) was the solution in my case.
I solved it with Caddy for my local network and the the AFFINE_SERVER_HTTPS Flag.
Maybe it's also usefull for others to write it in the documentation that you need https to upload files/images.
Thanks for the clarifictation and the Project.

from affine.

Issue Status: ✅ Done

✅ Done

If the issue was a bug, it’s been fixed; if it was a missing feature, it’s been implemented.

^{_{This is an automatic reply by the bot.}}

from affine.

Upcoming in: v0.13.0

We've got great news! 🚀 This issue's fix/feature is slated for release in AFFiNE v0.13.0.
Subscribe to this issue for a notification when the release goes live!

^{_{This is an automatic reply by the bot.}}

from affine.

Thank you for effort

from affine.