[Solved] In android’s Google Chrome, how to set unsafely-treat-insecure-origin-as-secure
I’m using getUserMedia() in my web app which works fine when I test my app on localhost. But if I treat my laptop as server and launch app in Google Chrome browser of my android phone, it gives me the error:
getUserMedia() no longer works on insecure origins. To use this
feature, you should consider switching your application to a secure
origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
When I checked [https://goo.gl/rStTGz][1] I got to know that getUserMedia() is deprecated on insecure origins. It is written that for development mode,
You can run chrome with the
–unsafely-treat-insecure-origin-as-secure=”example.com” flag (replacing “example.com” with the origin you actually want to test)
How and where can I set this flag? Is there any other alternative?
Solution #1:
This can be done from chrome://flags/ or about://flags.
Go to about://flags, search for unsafely-treat-insecure-origin-as-secure flag, and enable it. You will have to provide the origin which you want to be treated as secure.
Multiple origins can be entered as comma-separated values.
Note that protocol part is also important, and specifying the IP address, or the domain name isn’t enough. eg. http:// in http://192.168.43.45.
The following is a screenshot from my mobile phone.
Mobile: Samsung Galaxy S10e
Android version: 10 (Android 10)
Google Chrome version: 79.0.3945.136
For local testing of a website I am building, geolocation was needed.
Geolocation is allowed in secure locations. I do have a production server with https certificate, but the development and debugging process would become too slow if I have to upload content to it every time.
Solution #2:
Move localhost to the device
One method is to run an HTTP server on your Android device. The consensus in answers to this question is that NanoHTTPD is worth trying. If you want a ready-made application, a web search for http server for android turned up Simple HTTP Server on Google Play Store. After copying the client side of your web application to the device and starting the server, you should be able to open http://localhost:12345 in Chrome for Android.
Or make your test server secure
You can test secure-context-only features without using --unsafely-treat-insecure-origin-as-secure by turning your existing test server into a potentially trustworthy origin. Follow these steps:
- If you do not already own a domain at a registrar that bundles DNS hosting compatible with the
dehydratedACME client, register one. This incurs a fee, which recurs as long as you keep the domain active. - Point a subdomain at your test web server’s internal IP address. It need not be reachable from the Internet.
- Configure your test web server to respond to HTTPS on port 443 of this subdomain, using
NameVirtualHostor the like. - Use the
dehydratedACME client with the appropriatedns-01hook for your DNS host to obtain a certificate from Let’s Encrypt for your test web server. - Install this certificate into your test web server.
Solution #3:
I faced with this problem too, but in Chromium, Ubuntu. I solved the problem with running this command in console:
chromium-browser --unsafely-treat-insecure-origin-as-secure="http://localhost.dev:3000" --user-data-dir=~/.config/chromium/Profile 1
where localhost.dev:3000 is your website.
For other systems information there:
how to launch chrome and set keys
Short information about --unsafely-treat-insecure-origin-as-secure flag:
Treat given (insecure) origins as secure origins. Multiple origins can
be supplied. Has no effect unless –user-data-dir is also supplied.
Example:
--unsafely-treat-insecure-origin-as-secure=http://a.test,http://b.test --user-data-dir=/test/only/profile/dir
I didn’t check, but for android you maybe can also set flags on chrome://flags page.