Complete
over 5 years ago

Garmin Connect Mobile 4.22 for Android includes the changes to allow HTTP on 127.0.0.1.

Connect version 4.20 broke local http access?

Getting several reports of functionality no longer working, it looks like Android Garmin connect app version 4.20 may have broken web request to local host via urls like http://127.0.0.1:17580/sgv.json?count=3

Horsetooth
Parents
  • over 5 years ago in reply to jim_m_58

    Hopefully I'm not way off base here, but my understanding is that the problem isn't about running an HTTPS server per se, it's about the inability to (practically) make an HTTPS connection to localhost, with a trusted certificate. For example, if you use a browser to make an HTTPS connection to a website with an untrusted self-signed certificate, you still get a security warning. 

    No certificate authority is going to hand out a trusted certificate for localhost, so afaik the only alternative would be to use a self-signed certificate, and ask all your end users to trust it manually (by installing your CA cert manually), which seems pretty onerous.

Comment
  • over 5 years ago in reply to jim_m_58

    Hopefully I'm not way off base here, but my understanding is that the problem isn't about running an HTTPS server per se, it's about the inability to (practically) make an HTTPS connection to localhost, with a trusted certificate. For example, if you use a browser to make an HTTPS connection to a website with an untrusted self-signed certificate, you still get a security warning. 

    No certificate authority is going to hand out a trusted certificate for localhost, so afaik the only alternative would be to use a self-signed certificate, and ask all your end users to trust it manually (by installing your CA cert manually), which seems pretty onerous.

Children
  • over 5 years ago in reply to jim_m_58

    I don't understand the point here. If you use HTTPS, then you have to have a trusted certificate, for both Apple and Android, as far as I can tell. 

    You can't have a trusted certificate for localhost unless you get users to manually trust your self-signed certificate, or unless someone like Lets Encrypt decides to hand out certificates for localhost, which they won't, for obvious reasons.

    To further illustrate the point, most web browsers treat HTTPS with a untrusted certificate as even worse than HTTP -- the former is blocked (with an inconvenient opt-out procedure) while the latter just gives a warning (for now). 

  • over 5 years ago in reply to FlowState

    Just something to look at and consider.  If it's HTTP/HTTPS, maybe there's a easier way around the certificate problem.