komf icon indicating copy to clipboard operation
komf copied to clipboard
verified publisher icon Snd-R

[Feature Request] Mixed Content

Open dymas-cz opened this issue 2 years ago • 2 comments

Hello, i'm running Komga behind reverse proxy and when i try to use userscript with komf i can't get it to run as indicated by the error below. Are there any plans to implement some form of security for komf so we can expose the servise and use it with userscript?

Mixed Content: The page at 'https://komga.mydomain.com/libraries/07MMHWFYGVEQX/series' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://192.168.1.15:32085/config'. This request has been blocked; the content must be served over HTTPS. dispatchXhrRequest @ userscript

dymas-cz avatar May 12 '23 08:05 dymas-cz

For now you can only allow mixed content in your browser settings https://superuser.com/a/1672733

As for proper secure way, it is possible to expose komf using your reverse proxy and adding basic auth restriction. To access komf you'll need to enter username and password. It should be supported by most reverse proxies

This will require handling basic auth in userscript. In connection tab a new section with komf username and password will need to be added

Snd-R avatar May 12 '23 12:05 Snd-R

@Snd-R To support mixed content with the userscript you could also use GM_xmlhttpRequest from the GM_* API which most userscript managers like Violentmonkey (https://violentmonkey.github.io/api/gm/#gm_xmlhttprequest) and Tampermonkey (https://www.tampermonkey.net/documentation.php#api:GM_xmlhttpRequest) support and add a fallback if it isn't supported.

rRoler avatar Aug 20 '23 17:08 rRoler