Cannot upload files to encrypted rooms when Riot is served from a non-secure origin

[turt2live]

Description

Tried the upload button and drag/drop.

rageshake.js:65 TypeError: Cannot read property 'generateKey' of undefined
    at Object.n [as encryptAttachment] (index.js:20)
    at ContentMessages.js:244
    at o (util.js:16)
    at i._settlePromiseFromHandler (promise.js:512)
    at i._settlePromise (promise.js:569)
    at i._settlePromise0 (promise.js:614)
    at i._settlePromises (promise.js:693)
    at r._drainQueue (async.js:133)
    at r._drainQueues (async.js:143)
    at drainQueues (async.js:17)
    at <anonymous>

Steps to reproduce

• Upload an image/file to an encrypted room

Log: not sent

Version information

• Platform: web (in-browser)
• Browser: Chrome 60
• OS: Windows 10
• URL: Internal. Based on v0.12.2

[t3chguy]

cannot reproduce in desktop app built on develop branch :L
nvm did not save after enabling E2E

Cannot reproduce :L

[turt2live]

I also can't reproduce it on /develop or on /app.

I'll have to take a look on Monday, but it might just be a copy/paste fail when uploading the build.

fwiw, the build used was just the package available on github.

[turt2live]

I can still reliably reproduce this when using 0.12.2 from github.

[lampholder]

Unsure how to prioritise this - it seems likely that it's a function of however you're running your riot.im instance, but if this is common to everyone outside of https://riot.im/{app,develop} then it's problematic.

[turt2live]

This is a surprisingly Chrome and environment related issue, so I'll leave it to the team to triage/close this as needed.

As per https://developers.google.com/web/updates/2017/06/chrome-60-deprecations the SubtleCrypto library is not available when on an insecure page. Because we're running a pilot on Riot in the workplace, we didn't bother setting up a cert for the server.

[uhoreg]

Other things will break without a working SubtleCrypto, such as key exporting/importing, and possibly the future key verification method. It would probably be a good idea to detect the lack of SubtleCrypto and display some sort of warning that things may not work properly.

[duxovni]

(Removing the community testing label, since this requires setting up a custom non-https Element instance and making that available to everyone, or walking people through setting up their own instance locally; it's probably better to spend community testing time on things we can test on app.element.io directly)

[t3chguy]

And this issue is certainly still applicable, browsers still block SubtleCrypto on non-https.