crypto.randomUUID() not available on internal HTTP environment (non-secure context) #1493

@fjdvchain

Description

We’re seeing inconsistent availability of the Web Crypto API depending on the environment. Specifically, crypto.randomUUID() works in some contexts but is undefined in others.

This appears to be tied to whether the page is running in a secure context.

Reproduction

Open app over HTTPS (or localhost):

crypto.randomUUID()

✅ Works as expected

Open app over internal HTTP hostname:

http://randomUrl.com
crypto.randomUUID()

❌ TypeError: crypto.randomUUID is not a function

Debug Info

Running the command in both windows:

console.log(JSON.stringify({
  isSecureContext,
  hasCrypto: !!window.crypto,
  hasRandomUUID: !!window.crypto?.randomUUID,
  location: window.location.href
}));

Result on HTTPS/localhost environment (localhost):

{"isSecureContext":true,"hasCrypto":true,"hasRandomUUID":true,"location":"http://localhost:51212/"}

Result on internal HTTP hostname:

{"isSecureContext":false,"hasCrypto":true,"hasRandomUUID":false,"location":"http://***:8084/"}

crypto.randomUUID() should be available in all supported environments where UUID generation is required.

Actual Behaviour

crypto.randomUUID() is unavailable when the app is served over non-secure HTTP (non-localhost), causing runtime errors.

Root Cause

The Web Crypto API (including randomUUID) is only available in secure contexts:

✅ HTTPS
✅ http://localhost
❌ arbitrary HTTP origins (e.g. internal hostnames)
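
An added example, not part of the original issue or the project's code: a UUID v4 helper that uses crypto.randomUUID() when it exists and otherwise builds the UUID from crypto.getRandomValues(), which is not restricted to secure contexts (consistent with hasCrypto being true in the debug output above). The names uuidV4, cryptoObj and insecureContextStub are assumptions made for illustration.

```javascript
// Added example: UUID v4 generation that works with or without a secure context.
// `cryptoObj` is injectable (hypothetical parameter) so the HTTP case can be simulated.
function uuidV4(cryptoObj = globalThis.crypto) {
  // Secure context (HTTPS, localhost): use the native implementation.
  if (typeof cryptoObj?.randomUUID === "function") {
    return cryptoObj.randomUUID();
  }
  // Non-secure context: randomUUID is absent, but getRandomValues is still a CSPRNG.
  if (typeof cryptoObj?.getRandomValues !== "function") {
    // Fail closed instead of silently degrading to Math.random().
    throw new Error("No CSPRNG available; refusing to generate a UUID");
  }
  const b = cryptoObj.getRandomValues(new Uint8Array(16));
  b[6] = (b[6] & 0x0f) | 0x40; // version nibble = 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant bits = 10xx (RFC 4122)
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
  return [
    hex.slice(0, 8),
    hex.slice(8, 12),
    hex.slice(12, 16),
    hex.slice(16, 20),
    hex.slice(20),
  ].join("-");
}

// Constructed stub mimicking the issue's HTTP result:
// hasCrypto: true, hasRandomUUID: false. `fill` is a fixed byte for repeatable output.
function insecureContextStub(fill) {
  return {
    getRandomValues(arr) {
      arr.fill(fill);
      return arr;
    },
  };
}
```
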
