I posted this question on a SoftAP thread a couple of days ago but thought I’d re-post it here as I think that thread is getting a bit long.
I’d like to serve the SoftAP JS over an SSL encrypted page for setting up customers devices. There’s a few reasons I want to use SSL, but mainly that I want to keep customers access tokens as secure as possible.
As far as I know the current configuration won’t work, as accessing the photons IP address (http://192.168.0.1) violates the SSL encryption and as far as modern browsers are concerned could introduce vulnerabilities.
Does anyone have any ideas of how to get around this? My only thought is to create a non-secure subdomain and host the softAP routine on there, however during the claiming process there will still be customer access tokens involved so it’s not an ideal solution.
I dont think getting around the mixed content warning is going to be reliable, some browsers allow the user to accept it, but its not really ideal.
Did you come up with a solution for this?
I ended up just using a separate HTTP (non SSL) subdomain for the SoftAP part of the setup process.
I don’t actually use the Photons any more though and haven’t kept up to date with this so there may be better solutions now.
Thanks! Guess I will have to do the same.
Anyone find a solution to this? I am currently looking to add ssl to my web app but am finding myself roadblocked by mixed content warnings while accessing http://192.168.0.1 from https://my.app.com/connect-wifi-product.
I am going to explore hosting a separate HTTP subdomain as suggested above but wanted to see if there were any updates on the topic first.