Site becomes "not secured" after running custom extension

Hi! Maybe someone over here can point me in the right direction.

I am trying to build a custom extension, but the moment I add the extension becomes “not secured” causing CORS issues with my extension.

At the beginning I thought it might be my code, but I tried it with the “Hello World” extension and the same issue, the moment I add the localhost connection the site switched from secure to not secured

Any ideas what I might be doing wrong or what else I could test?
This is happening with Chrome, haven’t tested yet with other browsers.

Thanks in advance

It sounds like you might not be doing something correctly in testing your custom extension. Could you please share in detail the steps that you’re taking to test it that are leading to this issue?

Hello Justin, thanks for your reply. I am basically following the steps here
While doing that my browser connection with is secured, but as soon as I add the server address here and click on "start editing extension" the browser switches to not secure

As a reference this is what I see on my terminal

Any ideas what I might be doing wrong?
Thanks a lot in advance


Any ideas what might be going on? It is really odd.

Any help will be appreciated! Thanks!

So, after much debugging, it looks the switch between https and http happens because of the self-signed certificate used when I do block run

When I check the certificate being used by visiting https://localhost:9000 I see that the certificate is expired.

Is there anyway to tell block run which certificate to use? I couldn’t find any documentation about it.

Any help will be appreciated!

Sorry for the delay. I didn’t check the forum over the holiday weekend (Independence Day yesterday here in the US).

It sounds like you’re not correctly starting to edit the extension. You’re not supposed to directly visit the URL that you see after executing block run. You’re supposed to paste that URL into the field that appears when you click “Edit extension” on your extension in the sidebar. Here’s a quick guide on what to do (follow the steps in order):

Thanks Justin,
No, the issue is not with Extension URL. The issue has to do with the certificate created when I do block run as described here Self signed certificate expired after "Block run" - #2 by Justin_Barrett

For anyone else having the same issue I partially solved the issue by installing a CORS plugin for Chrome.

I’m confused. I’ve never encountered anything regarding a certificate when using block run. Could you please share a screenshot showing what you’re talking about? I’m not aware of this issue coming up for any other extension developers.

Hello @Justin_Barrett , thanks.
So, this is my understanding and the way I solved it. (it might be wrong, but it worked for me)

When you do block run what the blocks-cli is doing in the background is creating a server in your localhost on port 9000 under the URL https://localhost:9000

I am not sure if it is blocks-cli which is doing this, but it looks like there is an SSL certificate being created on the fly in order to provide https access. (here is where I might be wrong and block-cli is using a localhost certificate already in the local machine, although I spent quite some time with the issue and I couldn’t find any localhost certificate)

The issue seems to be that the certificate being created is expired therefore not valid.

It is strange I am the only one reporting this, so this might be something that is happening just to me. I did talk with another developer who was the one who provided me with the CORS plugin solution because he was experiencing the same though.

Hope this helps anyone with the same issue!

1 Like

This topic was solved and automatically closed 3 days after the last reply. New replies are no longer allowed.