Context
ServerSession.url() currently hardcodes http:// when constructing the server URL. This is acceptable for local embedded usage but limits security posture for deployments that need encrypted transport.
Proposal
Add optional TLS support so that ServerSession can return https:// URLs when the server is configured with a certificate. Self-signed certificates should be supported for local/dev use cases.
This would involve:
- Rust shim: expose whether TLS is enabled on the server handle
- Java/Go: propagate the TLS flag into
url() to select http vs https
- Optional: helper for generating self-signed certs at startup
Current behavior
// ServerSession.java
public String url() {
return "http://" + address() + ":" + port();
}References
ServerSession.java:47-49- Go equivalent:
internal/runtime/chroma.go (Server.URL method)
Context
ServerSession.url()currently hardcodeshttp://when constructing the server URL. This is acceptable for local embedded usage but limits security posture for deployments that need encrypted transport.Proposal
Add optional TLS support so that
ServerSessioncan returnhttps://URLs when the server is configured with a certificate. Self-signed certificates should be supported for local/dev use cases.This would involve:
url()to selecthttpvshttpsCurrent behavior
References
ServerSession.java:47-49internal/runtime/chroma.go(Server.URL method)