Question: Why do I get “auth0-spa-js must run on a secure origin” error?
According to the spec (via Github issues), Web Cryptography API requires a secure origin, so that accessing
Crypto.subtle in a not secure context return undefined.
In most browsers, secure origins are origins that match at least one of the following (scheme, host, port) patterns:
(https, *, *) (wss, *, *) (*, localhost, *) (*, 127/8, *) (*, ::1/128, *) (file, *, —)
If you’re running your application from a secure origin, it’s possible that your browser doesn’t support the Web Crypto API. For a compatibility table, please check https://caniuse.com/#feat=mdn-api_subtlecrypto