Web based setup and security

Hi everyone,

I’m currently building an example web setup app to connect photons to the cloud through a browser. I noticed that on setup.particle.io, you have to download an html page to use to connect the device.

Is this for a security reason? Or just to pre-load page resources for use once the browser is connected to the photon and doesn’t have internet access?

On the note of security… is there any reasons I should not be using node-rsa on the front end of my app to process the user password input?


The reason for downloading a file is that we would only want to serve the web-based setup page by https for security reasons. However, the Photon setup uses http. Most browsers disallow http requests from https pages for security reasons.

(Even though the Photon setup uses http over an unsecured Wi-Fi network, the Wi-Fi password is encrypted by the Javascript to prevent it from being sniffed.)

1 Like

Understood. Thanks for explaining that! I hadn’t thought about the HTTP requests coming off the photon being blocked and needing to serve over http because of that. Knew there was probably something I had been missing :smiley:

Was a third party package you all used to compress your entire web-setup app into a single HTML file? Or was this something more complicated?