Replies: 1 comment 3 replies
-
|
Thanks for bringing that up @sabljak This callback id doesn't need to be cryptographically secure. We can go with something simpler than Curious, is the combobox not working for you because of this? Or is it just generating console warnings with no effect? Also curious, what's the use-case for not running on HTTPS? Is this an internal app or something? Not opposed to making the change, just want to understand the reasons for it before we do it. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, the combobox is not working because of this, it is throwing errors in the console. 
The use-case for not running the app on HTTPS is a review app environment. |
Beta Was this translation helpful? Give feedback.
-
|
Got it. Yeah, I'd welcome a PR to use any random string that's practically guaranteed not to have collisions.
|
Beta Was this translation helpful? Give feedback.
-
|
Great! I will create a PR addressing this issue soon. Thanks! 🙌 |
Beta Was this translation helpful? Give feedback.
-
Hotwire Combobox uses
crypto.randomUUIDto generate random Callback ID but that seems to be the problem when running the app in an HTTP environment sincerandomUUID()is available only in secure contexts.What do you think about generating the Callback ID some other way, a custom implementation with crypto.getRandomValues() since it is the only member of the Crypto interface that can be used from an insecure context.
I can submit a PR if you are interested.
👋
Beta Was this translation helpful? Give feedback.
All reactions