Remove SSL cert for localhost

.github/workflows/webviz-config.yml

@@ -68,7 +68,6 @@ jobs:
 
       - name: 🤖 Run tests
         run: |
-          webviz certificate
           webviz preferences --theme default
           pytest ./tests --headless --forked
           webviz docs --portable ./docs_build --skip-open

CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [UNRELEASED] - YYYY-MM-DD
 
+### Changed
+- [#374](https://github.com/equinor/webviz-config/pull/374) - Removed Webviz
+  SSL certificate generation and forcing of HTTPS connections.
+
 ## [0.2.7] - 2021-01-14
 
 ### Changed

INTRODUCTION.md

@@ -82,14 +82,32 @@ webviz build ./examples/basic_example.yaml
 and then modify `./examples/basic_example.yaml` while the Webviz application is
 still running, a hot reload will occur.
 
-#### Localhost certificate
+#### Localhost HSTS
 
-For quick local analysis, `webviz-config` uses `https` and runs on `localhost`.
-In order to create your personal :lock: `https` certificate (only valid for `localhost`), run
-```bash
-webviz certificate --auto-install
-```
-Certificate installation guidelines will be given when running the command.
+Previous versions of webviz generated a local certificate to force localhost
+connections to go through HTTPS. This is no longer the case and localhost
+connections use HTTP. As such, the `webviz certificate` command has been
+deprecated.
+
+Some browsers will force HTTPS and require extra steps to remove this security.
+Note that this is safe as no external computer may connect to a localhost
+server.
+
+If you're having issues connecting to a localhost server running Webviz due to
+security issues, perform the following steps:
+
+##### Google Chrome and Chromium
+
+These are the steps to remove HSTS, a security feature that forces HTTPS
+connections even though the user has specified HTTP:
+
+1. Navigate to chrome://net-internals/#hsts
+2. In the **Delete domain security policies**, type in "localhost" and click
+   delete
+
+##### Firefox
+
+Firefox does not have issues connecting to localhost addresses over HTTP.
 
 #### User preferences
 

tests/test_portable.py

@@ -9,15 +9,6 @@ def test_portable(dash_duo, tmp_path):
         ["webviz", "build", "basic_example.yaml", "--portable", appdir], cwd="examples"
     )
 
-    # Remove Talisman
-    filename = appdir / "webviz_app.py"
-    with open(filename, "r") as filehandle:
-        lines = filehandle.readlines()
-    with open(filename, "w") as filehandle:
-        for line in lines:
-            if not line.strip("\n").startswith("Talisman"):
-                filehandle.write(line)
-
     # Import generated app
     sys.path.append(str(appdir))
     from webviz_app import app  # pylint: disable=import-error, import-outside-toplevel

webviz_config/_docs/open_docs.py

@@ -30,7 +30,6 @@ def _index() -> str:
         host="localhost",
         port=port,
         debug=False,
-        ssl_context=webviz_config.certificate.LocalhostCertificate().ssl_context,
     )
 
 

webviz_config/_localhost_token.py

@@ -7,14 +7,13 @@
 
 
 class LocalhostToken:
-    """Uses a method similar to jupyter notebook (however, here we do it over
-    https in addition). This method is only used during interactive usage on
-    localhost, and the workflow is as follows:
+    """Uses a method similar to jupyter notebook. This method is only used during
+    interactive usage on localhost, and the workflow is as follows:
 
     - During the flask app building, a one-time-token (ott) and a cookie_token
       is generated.
     - When the app is ready, the user needs to "login" using this
-      one-time-token in the url (https://localhost:{port}?ott={token})
+      one-time-token in the url (http://localhost:{port}?ott={token})
     - If ott is valid - a cookie with a separate token is set, and the
       one-time-token is discarded. The cookie is then used for subsequent
       requests.