From 93da07866928ec9c90bda4f2a7e8bb3b91fddce9 Mon Sep 17 00:00:00 2001 From: rugk Date: Thu, 15 Feb 2018 02:17:37 +0100 Subject: [PATCH 1/6] Clarify that HTTPS is not just needed for VoIP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …but for basic security. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1da20632..2ebb0162 100644 --- a/README.md +++ b/README.md @@ -24,9 +24,9 @@ released version of Riot: Releases are signed by PGP, and can be checked against the public key at https://riot.im/packages/keys/riot.asc -Note that Chrome does not allow microphone or webcam access for sites served -over http (except localhost), so for working VoIP you will need to serve Riot -over https. +Note that for the security of your chats will need to serve Riot +over HTTPS. Mayor browsers also do not allow you to use VoIP/video +chats over HTTP, as WebRTC is only usable over HTTPS. ### Installation Steps for Debian Stretch 1. Add the repository to your sources.list using either of the following two options: From cfed0cbd0dffcca2a6d1806cd1bcf40ebd05ee08 Mon Sep 17 00:00:00 2001 From: rugk Date: Mon, 5 Mar 2018 21:37:07 +0100 Subject: [PATCH 2/6] Mention localhost --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2ebb0162..39fec395 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ at https://riot.im/packages/keys/riot.asc Note that for the security of your chats will need to serve Riot over HTTPS. Mayor browsers also do not allow you to use VoIP/video chats over HTTP, as WebRTC is only usable over HTTPS. +An exception of this is localhost, which usually is alos trusted in +browsers. ### Installation Steps for Debian Stretch 1. Add the repository to your sources.list using either of the following two options: From 3c3fd7cf2a3823ae131b81c113be9d38943bbb02 Mon Sep 17 00:00:00 2001 From: rugk Date: Mon, 5 Mar 2018 21:47:28 +0100 Subject: [PATCH 3/6] Remove typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 39fec395..9fab4047 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ at https://riot.im/packages/keys/riot.asc Note that for the security of your chats will need to serve Riot over HTTPS. Mayor browsers also do not allow you to use VoIP/video chats over HTTP, as WebRTC is only usable over HTTPS. -An exception of this is localhost, which usually is alos trusted in +An exception of this is localhost, which usually is trusted in browsers. ### Installation Steps for Debian Stretch From 6437b490a6d3f3c758945f32fd2861dbf6dc17cf Mon Sep 17 00:00:00 2001 From: rugk Date: Wed, 21 Mar 2018 16:18:08 +0100 Subject: [PATCH 4/6] Fix another typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9fab4047..501f91b1 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Releases are signed by PGP, and can be checked against the public key at https://riot.im/packages/keys/riot.asc Note that for the security of your chats will need to serve Riot -over HTTPS. Mayor browsers also do not allow you to use VoIP/video +over HTTPS. Major browsers also do not allow you to use VoIP/video chats over HTTP, as WebRTC is only usable over HTTPS. An exception of this is localhost, which usually is trusted in browsers. From f7bab88079a84399b0e84d97e03ba004c61dba0e Mon Sep 17 00:00:00 2001 From: rugk Date: Tue, 27 Aug 2019 22:28:15 +0200 Subject: [PATCH 5/6] Improve exceptions mention In addition to fixes from review, also add link to official source with more information. --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 501f91b1..194f4131 100644 --- a/README.md +++ b/README.md @@ -27,8 +27,9 @@ at https://riot.im/packages/keys/riot.asc Note that for the security of your chats will need to serve Riot over HTTPS. Major browsers also do not allow you to use VoIP/video chats over HTTP, as WebRTC is only usable over HTTPS. -An exception of this is localhost, which usually is trusted in -browsers. +There are some exception like when using localhost, which is +considered a [secure context](https://developer.mozilla.org/docs/Web/Security/Secure_Contexts) +and thus allowed. ### Installation Steps for Debian Stretch 1. Add the repository to your sources.list using either of the following two options: From 658c5b42be1c17ab14a12853fc2f8c2a8bb3bb89 Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 1 Sep 2019 13:41:21 +0200 Subject: [PATCH 6/6] Update README.md Co-Authored-By: Travis Ralston --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 194f4131..9dcd9cca 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ at https://riot.im/packages/keys/riot.asc Note that for the security of your chats will need to serve Riot over HTTPS. Major browsers also do not allow you to use VoIP/video chats over HTTP, as WebRTC is only usable over HTTPS. -There are some exception like when using localhost, which is +There are some exceptions like when using localhost, which is considered a [secure context](https://developer.mozilla.org/docs/Web/Security/Secure_Contexts) and thus allowed.