Last Updated: Aug 20, 2024
Overview
When viewing the dev tools console within the browser on an SPA JSDK site, the following error is displayed.
auth0-spa-js must run on a secure origin
Applies To
- SPA JSDK
- Dev Tools Console
- Secure Origin Error
Solution
Internally, the SDK uses Web Cryptography API 28 to create SHA-256 digest 6.
According to the spec (via Github issues 196), Web Cryptography API requires a secure origin so that accessing Crypto.subtle in a not secure context returns undefined.
In most browsers, secure origins are origins that match at least one of the following (scheme, host, port) patterns:
(https, *, *)
(wss, *, *)
(*, localhost, *)
(*, 127/8, *)
(*, ::1/128, *)
(file, *, —)
If the User is running their application from a secure origin, it is possible that their browser does not support the Web Crypto API. For a compatibility table, please check Can I use… Support tables for HTML5, CSS3, etc 282.
Related References
- Relevant GH issue: Please require a secure origin (Bug 25972) · Issue #28 · w3c/webcrypto · GitHub 196
- Documentation: Repository Documentation 69
- Video Tutorial