Remove SSL cert for localhost

This commit removes SSL certification creation and usage when running
webviz. The onus is on the process that connects to the internet to
handle HTTPS, eg. Azure's firewall.

Author: pinkwah

.github/workflows/webviz-config.yml

@@ -68,7 +68,6 @@ jobs:
 
       - name: 🤖 Run tests
         run: |
-          webviz certificate
           webviz preferences --theme default
           pytest ./tests --headless --forked
           webviz docs --portable ./docs_build --skip-open

INTRODUCTION.md

@@ -82,14 +82,32 @@ webviz build ./examples/basic_example.yaml
 and then modify `./examples/basic_example.yaml` while the Webviz application is
 still running, a hot reload will occur.
 
-#### Localhost certificate
+#### Localhost HSTS
 
-For quick local analysis, `webviz-config` uses `https` and runs on `localhost`.
-In order to create your personal :lock: `https` certificate (only valid for `localhost`), run
-```bash
-webviz certificate --auto-install
-```
-Certificate installation guidelines will be given when running the command.
+Previous versions of webviz generated a local certificate to force localhost
+connections to go through HTTPS. This is no longer the case and localhost
+connections use HTTP. As such, the `webviz certificate` command has been
+deprecated.
+
+Some browsers will force HTTPS and require extra steps to remove this security.
+Note that this is safe as no external computer may connect to a localhost
+server.
+
+If you're having issues connecting to a localhost server running Webviz due to
+security issues, perform the following steps:
+
+##### Google Chrome and Chromium
+
+These are the steps to remove HSTS, a security feature that forces HTTPS
+connections even though the user has specified HTTP:
+
+1. Navigate to chrome://net-internals/#hsts
+2. In the **Delete domain security policies**, type in "localhost" and click
+   delete
+
+##### Firefox
+
+Firefox does not have issues connecting to localhost addresses over HTTP.
 
 #### User preferences
 

webviz_config/_docs/open_docs.py

@@ -30,7 +30,6 @@ def _index() -> str:
         host="localhost",
         port=port,
         debug=False,
-        ssl_context=webviz_config.certificate.LocalhostCertificate().ssl_context,
     )
 
 

webviz_config/_localhost_token.py

@@ -7,14 +7,13 @@
 
 
 class LocalhostToken:
-    """Uses a method similar to jupyter notebook (however, here we do it over
-    https in addition). This method is only used during interactive usage on
-    localhost, and the workflow is as follows:
+    """Uses a method similar to jupyter notebook. This method is only used during
+    interactive usage on localhost, and the workflow is as follows:
 
     - During the flask app building, a one-time-token (ott) and a cookie_token
       is generated.
     - When the app is ready, the user needs to "login" using this
-      one-time-token in the url (https://localhost:{port}?ott={token})
+      one-time-token in the url (http://localhost:{port}?ott={token})
     - If ott is valid - a cookie with a separate token is set, and the
       one-time-token is discarded. The cookie is then used for subsequent
       requests.
@@ -28,6 +27,7 @@ class LocalhostToken:
 
     The port is used as a postfix on the cookie name in order to make sure that
     two different localhost applications running simultaneously do not interfere.
+
     """
 
     def __init__(self, app: flask.app.Flask, port: int):

webviz_config/certificate/__init__.py

@@ -1,9 +1,9 @@
+import sys
 import json
 import argparse
 import pathlib
 
 from ._build_webviz import build_webviz
-from .certificate._certificate_generator import create_ca
 from ._docs.open_docs import open_docs
 from ._docs._create_schema import create_schema
 from ._user_data_dir import user_data_dir
@@ -82,7 +82,7 @@ def main() -> None:
         "your personal public key infrastructure",
     )
 
-    parser_cert.set_defaults(func=create_ca)
+    parser_cert.set_defaults(func=_dummy_create_ca)
 
     # Add "documentation" parser:
 
@@ -175,3 +175,14 @@ def entrypoint_schema(args: argparse.Namespace) -> None:
     args = parser.parse_args()
 
     args.func(args)
+
+
+def _dummy_create_ca() -> None:
+    """
+    Print out a message about certs being unnecessary and exit gracefully (ie.
+    returncode 0)
+    """
+    print(
+        "The 'certificate' command is no longer needed as Webviz uses HTTP for local servers"
+    )
+    sys.exit(0)