Please create an option for HTTP or HTTPS URL base #62

Open
kenchan97 opened this issue Apr 23, 2024 · 3 comments

@kenchan97

It is more flexible for the user to choose HTTP or HTTPS.
HTTP will give more flexibility to developers.
Thanks.

@HelloooJoe

While offering the flexibility to choose between HTTP and HTTPS might seem advantageous in terms of developer convenience, it's important to consider the broader implications, particularly around security.

Using HTTP in a production environment exposes users to significant risks, including data breaches and man-in-the-middle attacks. Since .NET MAUI applications can run on various devices and operating systems, ensuring the highest security standards, like enforcing HTTPS, is crucial to protect all users.

Given the critical nature of security in today’s digital environment, and the support for HTTPS in .NET MAUI, I recommend sticking with HTTPS to safeguard both user data and the integrity of applications built with .NET MAUI. This approach also aligns with modern security practices and standards.

Just my two cents...

@kenchan97
Author

We both know the advantages of HTTPS.
You can set the "HTTPS" base as the default,
but offer an option to developers for when they are developing.
Thanks.

@HelloooJoe

I understand the flexibility you're looking for with HTTP and HTTPS options during development. However, given the architecture of the HybridWebView, the choice between HTTP and HTTPS largely doesn't impact the underlying functionality or security in the typical way.

Here's why:

Internal Traffic Handling: The use of "0.0.0.0" ensures that all web requests are handled internally. This setup means there's no real network traffic going out, whether it's HTTP or HTTPS.

Speed and Simplicity: This method bypasses DNS resolution, which accelerates content loading because there are no real network requests. It's all managed within the application, making the protocol (HTTP or HTTPS) less relevant.

Security and Control: With requests not leaving the app, the usual security risks associated with HTTP (like data breaches or man-in-the-middle attacks) are non-existent. All content interactions are secure within the app's controlled environment.

Therefore, while the flexibility to switch between HTTP and HTTPS might seem beneficial, in this specific case, the setup already ensures maximum performance and security without the need for real network communication. This allows the application to function optimally with a default secure environment, simplifying development without sacrificing safety or performance.

P.S. It's also important to note that while HybridWebView handles internal content securely and efficiently, external network requests—such as calls to servers or APIs—are outside its scope. These should be managed using HTTPS for security in real network environments.
