Skip to content

Sourcegraph Extensions do not work on HTTP instances

Created by: abeatrix

  • Sourcegraph version: confirmed on 3.37.0 & 3.38.0
  • Platform information: all instances that are not deployed in secure contexts (HTTPS)

Steps to reproduce:

  1. Set up an instance that does not run in secure contexts (HTTPS)
  2. Run Sourcegraph extensions, git-extras for example

Expected behavior:

Extensions are shown to be enabled in the side bar, and are actually running and working (code-intel, git extras etc): image

Actual behavior:

Extensions are shown to be enabled in the side bar but do not work.

In the console, the extensions are shown to be activating with the following error crypto.subtle is undefined: image

But both code-intel and git extras are not working: image

After the investigation carried in https://github.com/sourcegraph/customer/issues/784, we believe the crypto.subtle error coming from the hashCode function that is being run during the activating process is causing the issue. This error occurs as crypto.subtle is available only in secure contexts (HTTPS) according to the Mozilla docs.

This is preventing the extensions from running on air-gapped / non-secured instances.