Add warnings about insecure context

Most (all?) new APIs will require a "secure context", which generally
means served over TLS. We can expect crashes because of missing
functions if this requirement isn't fulfilled, so try to warn the user.

app/ui.js

@@ -61,6 +61,14 @@ const UI = {
         // Translate the DOM
         l10n.translateDOM();
 
+        // We rely on modern APIs which might not be available in an
+        // insecure context
+        if (!window.isSecureContext) {
+            // FIXME: This gets hidden when connecting
+            UI.showStatus(_("HTTPS is required for full functionality"), 'error');
+        }
+
+        // Try to fetch version number
         fetch('./package.json')
             .then((response) => {
                 if (!response.ok) {

core/rfb.js

@@ -79,6 +79,12 @@ export default class RFB extends EventTargetMixin {
             throw new Error("Must specify URL, WebSocket or RTCDataChannel");
         }
 
+        // We rely on modern APIs which might not be available in an
+        // insecure context
+        if (!window.isSecureContext) {
+            Log.Error("noVNC requires a secure context (TLS). Expect crashes!");
+        }
+
         super();
 
         this._target = target;