obsproject/obs-browser

crypto.subtle not available on Browser source when using local files

Hamcha opened this issue · 9 comments

Operating System Info

Windows 10

Other OS

No response

OBS Studio Version

29.0.2

OBS Studio Version (Other)

No response

OBS Studio Log URL

https://obsproject.com/logs/OEMiQz1D4Hwv0WLO

OBS Studio Crash Log URL

No response

Expected Behavior

The crypto.subtle object should be available in both hosted and local files (AFAIK Chromium allows it on file:// and localhost)

Current Behavior

crypto.subtle is only available for remote/hosted pages, shows up as undefined in local pages

Steps to Reproduce

  1. Create a browser source with a local file
  2. Use the debugger to access the console
  3. Check the value of crypto.subtle

Anything else we should know?

No response

From MDN Web Docs:

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

Why should this work in file:/// mode, which is not a secure context? Please double check if this works in the CEF client example.

Hmm it doesnt seem to work when I use file:/// in OBS, you are correct, I still think it should though. Is local file supposed to be much different than a self-hosted static server?

Hmm it doesnt seem to work when I use file:/// in OBS, you are correct, I still think it should though. Is local file supposed to be much different than a self-hosted static server?

Local files served through file:// (or file:///) are very much not equivalent to a file hosted through an HTTP server. If you need an equivalent experience, host an HTTP server. There are many very simple options for this, such as Python3's http.server.

Yeah that's been my experience so far (and why I've been hosting things locally), I was just wondering how much of that is by design, it makes helping my friends very hard because it's not as simple to ask them to do that. If this is not considered an issue I won't push further. Feel free to close.

After some local examination, this does appear to work fine in cefclient.exe, but not in obs-browser. @WizardCM might know where to look.

Officially, I believe the only way to make this work in our Local File mode is by using --unsafely-treat-insecure-origin-as-secure "http://absolute"

We could hardcode this value behind the scenes.

I'm opposed to setting something as strongly worded to mean "unsafe, don't do this" as that option is by default. If we can confirm adding that as a launch flag to OBS corrects the problem, I'd consider this issue resolved.

@Hamcha please check if adding the flag mentioned above (#407 (comment)) as a launch flag to OBS fixes this problem.

The flag should resolve this issue, closing.