​Failed to upload image! crypto.subtle is undefined

[gdscwh]

What happened?

When I upload an image, it cannot be displayed and the following prompt pops up, which disappears shortly.The prompt is as follows:​
Failed to upload image! crypto.subtle is undefined

Distribution version

Linux

What browsers are you seeing the problem on if you're using web version?

Firefox

Are you self-hosting?

• Yes

Relevant log output

node --trace-warnings ...
node:internal/modules/cjs/loader:1137
  throw err;
  ^

Error: Cannot find module '/root/...'
    at Module._resolveFilename (node:internal/modules/cjs/loader:1134:15)
    at Module._load (node:internal/modules/cjs/loader:975:27)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:128:12)
    at node:internal/main/run_main_module:28:49 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}

Anything else?

No response

[BanditsBacon]

I got the same Problem. I asked it in the Q&A Section because i was not sure if it's a bug.
#6045 (comment)
If i use Firefox i got the same failure

[fourdim]

It's because you are not serving self-host AFFiNE Cloud under HTTPS (Secure Context).
https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle
https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts
Many features of browsers are disabled.
CC @EYHN

[ecker00]

Will this become possible? As we run our entire intranet of services with only IPs and HTTP using VPNs. Pretty much no service have an issue with the lack of HTTPS. Seems like it should be possible to disable the crypto related operations and make it work on http.

Wouldn't this also be an issue in development, which usually runs on localhost HTTP?

[fourdim]

No, it won't.
According to the documentation, locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.
Ref: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

[ecker00]

Sad to hear that it won't be possible. Running over HTTP is pretty common among self-hosters and will alienate many potential users.

[fourdim]

We are considering shipping the self-host version with self-signed CA support in the future.

For other self-host applications, most logics are served by the server, the web page is only served as an input interface.
But for editors, things are not the same as many features are implemented in the browser side.
Some of these features need APIs that are provided by the browser in the secure context.
It is the browser who restricts you from using this feature, not us.

[EYHN]

I think we only used sha256, which is not difficult to implement with js, if the browser does not provide encryption API, we can use pure js to implement it.

[gdscwh]

I tried to enable https：AFFINE_SERVER_HTTPS=true

but got the following error when accessing it with https.:
SSL received a record exceeding the maximum allowed length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG

How can I set it to https?

[darkskygit]

I tried to enable https：AFFINE_SERVER_HTTPS=true

but got the following error when accessing it with https.: SSL received a record exceeding the maximum allowed length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

How can I set it to https?

The AFFINE_SERVER_HTTPS flag in the affine server just change some of the URLs provided by affine to https.

The https traffic needs to be provided by reverse proxy server such as nginx or caddy.

If you have a domain, you can refer to this document from caddy to configure out-of-the-box https support: https://caddyserver.com/docs/automatic-https

Another way to enable https is to use tailscale, which can help you connect to your server privately under any network. For how to enable https, please refer here: https://tailscale.com/kb/1153/enabling-https

[BanditsBacon]

Ok the hint with https (secure context) was the solution in my case.
I solved it with Caddy for my local network and the the AFFINE_SERVER_HTTPS Flag.
Maybe it's also usefull for others to write it in the documentation that you need https to upload files/images.
Thanks for the clarifictation and the Project.

[EYHN]

toeverything/blocksuite#6454

I tried to use pure js to implement sha256, which should allow affine to run normally in the http.

[affine-issue-bot]

Issue Status: ✅ Done

✅ Done

If the issue was a bug, it’s been fixed; if it was a missing feature, it’s been implemented.

^{_{This is an automatic reply by the bot.}}

[affine-issue-bot]

Upcoming in: v0.13.0

We've got great news! 🚀 This issue's fix/feature is slated for release in AFFiNE v0.13.0.
Subscribe to this issue for a notification when the release goes live!

^{_{This is an automatic reply by the bot.}}

[BanditsBacon]

Thank you for effort