Monthly Archives: June 2017

How to Avoid Chrome Security Issues Developing Office Add-in Hosted on localhost

When developing add-ins for Office you are often serving the add-in from a local web server on a URL using the host name “localhost”. Office add-ins also require the web server to use SSL to serve the resources for the add-in. The Chrome security implementation will fire off a security error under most common development scenarios. This is when the domain of the SSL certificate does not match “localhost”.

You will see this problem manifest itself by causing your add-in to not start and show an error stating:

“Add-in Error  Something went wrong and we couldn’t start this add-in. Please try again later or contact your system administrator”

cameron-dwyer-chrome-debug-localhost-00b-add-in-error-couldnt-start

If you have the Developer Tools window open in Chrome you will see error messages getting output with the text:

“net::ERR_INSECURE_RESPONSE”

cameron-dwyer-chrome-debug-localhost-00a-net-err-insecure-response

There is a relatively easy workaround to this problem that you can implement on your development machine to allow Chrome to bypass this certificate check on URLs served from “localhost”.

Type the following into the Chrome browser URL bar:

chrome://flags/#allow-insecure-localhost

Enable the option:

“Allow invalid certificates for resources loaded from localhost. Mac, Windows, Linux, Chrome OS, Android

Allows requests to localhost over HTTPS even when an invalid certificate is presented.”

cameron-dwyer-chrome-debug-localhost-01-allow-insecure-localhost

After making this change you will need to restart Chrome.

cameron-dwyer-chrome-debug-localhost-02-relaunch-now

Advertisements
%d bloggers like this: