Fix redirect loop in Chrome 80 #2509

Closed


@SuperSandro2000 SuperSandro2000 commented Apr 7, 2020

This fixes the following error message from Chrome 80

A cookie associated with a cross-site resource at http://zeronet.example.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

@imachug imachug commented Apr 7, 2020

Will it work without https?


@SuperSandro2000 SuperSandro2000 commented Apr 7, 2020

> Will it work without https?

no, it won't. I guess we need to add something to fix that.
There seems to be no existing config option though....


@imachug imachug commented Apr 7, 2020

Perhaps using config options is not the correct solution, because then either HTTP or HTTPS will break. What if we make the browser send the protocol to the server?


@SuperSandro2000 SuperSandro2000 commented Apr 7, 2020

> What if we make the browser send the protocol to the server?

That would work I guess but I am not sure how we want to do this. I don't think there is a header for this except if you run it behind a reverse proxy which might set X-Forwarded-Proto.


@imachug imachug commented Apr 7, 2020

We could just use JavaScript on the client side.


@imachug imachug commented Apr 7, 2020

Lots of people use Chrome even if we don't like it. We should fix problems if we want ZeroNet to be widely used.


@SuperSandro2000 SuperSandro2000 commented Apr 8, 2020

> We could just use JavaScript on the client side.

well, I don't think I can do this in a proper clean way in ZeroNet right now. Help would be appreciated.


@SuperSandro2000 SuperSandro2000 commented Apr 8, 2020

> We should not follow request from users to change the core, when they have browser related issues!

Then ZeroNet is dead in 5 years, most 10.

> ZeroNet is only secure and anonymous if it is used with the Tor Browser.

For that matter. According to Chromestatus Firefox is going to follow that soon so Tor is going to get that change eventually, too. Didn't find a confirmation in the source though.

Also the change is not some random change from the Chromium or Google people but a standard they follow and I do not think ZeroNet should stand against standards for no good reason.

> Additionally, it is worth noting that @rllola is working on ZeroNet browser and she needs help.

It is neither based on Firefox nor Chromium so I won't support that. An addon to Firefox or Tor or a fork of one of them would be perfectly fine and wouldn't need a reimplementation of such a complex thing as a browser.

> I don't want to see any change in the core because of Google (or any other corporation for that matter) and I know that many developers agree with me.

Then the password plugin will be broken as soon as Firefox follows the new standard. Too bad but I want password protection in front of my zeronet.

This also has nothing to do with Windows and technically I already forked ZeroNet and I have no intent to fork it just to fix this nitty little bug.

Also this is probably in Chromium already (didn't test) so we just excluded a vast majority of all people using zeronet with password authentication.


@filips123 filips123 commented Apr 8, 2020

> I am going to get rid of all unnecessary plugins, UI, and trashy code related to OS and browsers from ZeroNet.
> ZeroNet is going to be renamed too and is going to be way faster and more stable than it is right now.

Yes. When you remove all those things, rename it to "zero".


@imachug imachug commented Apr 8, 2020

> problem with the "password plugin" so the solution to your problem should be implemented in that plugin and not in the core!

And now for something completely different: this patch changes the plugin, not the core.


@SuperSandro2000 SuperSandro2000 commented Apr 8, 2020

> password plugin :roll_eyes: Who the hell needs that plugin anyway?

then remove it and don't offer it at all.

Chromium is also affected. Just tested it.

If you know what the right solution would be to fix this in the password plugin without affecting the core I am more than welcome to accept it. But this was the fastest and easiest solution to fix my problem and I just wanted to make sure it gets fixed upstream as well.

and I think you are getting a bit off topic here. Sure there are more important things to do but this would have been an easy fix where we don't need to argue over and over again but just do it and get over it.

Edit:
Wait a second. Switzerland flag, joined yesterday, wasting everyone's time. I kinda remember such a person from another issue I don't want to mention now.

Back to topic:

Secure and samesite=none can only be set on https so this would break the login on http sites as the cookie then wouldn't be set at all.
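
The constraint discussed in this thread (`SameSite=None` is only accepted together with `Secure`, and a `Secure` cookie is not stored over plain HTTP) can be handled by choosing the cookie attributes per request. The following is an added example, not part of the original thread and not ZeroNet's code; it assumes a WSGI-style `environ`, a hypothetical cookie name `session_id`, and a hypothetical `TRUSTED_PROXIES` set naming the reverse proxy that is allowed to assert `X-Forwarded-Proto`:

```python
import ipaddress
from http.cookies import SimpleCookie

# Assumption: only the local reverse proxy may assert the original scheme.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def request_is_https(environ):
    """True if the browser-facing connection used HTTPS."""
    if environ.get("wsgi.url_scheme") == "https":
        return True
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    # X-Forwarded-Proto is client-controllable; honour it only from the proxy.
    if peer not in TRUSTED_PROXIES:
        return False
    proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0]
    return proto.strip().lower() == "https"


def session_cookie_header(environ, name, value):
    """Build a Set-Cookie value whose attributes match the request scheme."""
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if request_is_https(environ):
        # Cross-site delivery: SameSite=None is only accepted with Secure.
        morsel["samesite"] = "None"
        morsel["secure"] = True
    else:
        # Plain HTTP: a Secure cookie would not be stored, so stay same-site.
        morsel["samesite"] = "Lax"
    return morsel.OutputString()


if __name__ == "__main__":
    # Constructed sample requests (documentation addresses, hypothetical cookie).
    samples = [
        {"wsgi.url_scheme": "https", "REMOTE_ADDR": "203.0.113.7"},
        {"wsgi.url_scheme": "http", "REMOTE_ADDR": "127.0.0.1",
         "HTTP_X_FORWARDED_PROTO": "https"},
        {"wsgi.url_scheme": "http", "REMOTE_ADDR": "203.0.113.7",
         "HTTP_X_FORWARDED_PROTO": "https"},  # spoofed header, untrusted peer
    ]
    for env in samples:
        print(session_cookie_header(env, "session_id", "abc123"))
```

Over plain HTTP the cookie falls back to `SameSite=Lax`, so the login keeps working for same-site navigation but the cookie is not sent on cross-site requests.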


@HelloZeroNet HelloZeroNet commented Apr 8, 2020

One solution could be a built-in Let's Encrypt client for https cert, but as far as I know Let's Encrypt does not support cert for IP addresses, so it would require a domain name.

The cookie based authentication has other issues (Eg. it's missing from custom font file requests), so some better alternative would be great.


@ghost ghost commented Apr 10, 2020

@SuperSandro2000 set up a reverse-proxy and then you can use letsencrypt or cookies (add headers to the proxy or gateway as you like). @HelloZeroNet on April 8, 2020 renewed the zeronet.io's certificate right after commenting here. 🤣

> The cookie based authentication has other issues (Eg. it's missing from custom font file requests), so some better alternative would be great.

Some sites don't use cookies at all! So we don't need cookies in ZeroNet just to satisfy Google...
The solution is setting up zeronet proxies or gateways with the headers Google wishes in its shitty Chrome... You can also just give everything to the US government or contact directly the NSA without Google...


@SuperSandro2000 SuperSandro2000 commented Apr 11, 2020

@warcriminal I have that already and the plugin would still break.

> Some sites don't use cookies at all!

Which does not work for login protection from non static IPs without having some sort of certificate or cookie or you enter the login details for every request.
You still don't get that this will eventually also come to Firefox cause the current way of handling cookies is just insecure.


@SuperSandro2000 SuperSandro2000 commented May 29, 2020

I think 36d96d4 closed this issue. Closing for now.
