fix: allow accessing http://127.0.0.1 from https page

... since 127.0.0.1 is [potentially trustworthy](https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy) and honored by most browsers (chromium & firefox)
sockjs · Jun 8, 2020 · e157b91 · e157b91
1 parent 3ccf61d
commit e157b91
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/main.js b/lib/main.js
@@ -76,7 +76,7 @@ function SockJS(url, protocols, options) {
 
   var secure = parsedUrl.protocol === 'https:';
   // Step 2 - don't allow secure origin with an insecure protocol
-  if (loc.protocol === 'https:' && !secure) {
+  if (loc.protocol === 'https:' && !secure && parsedUrl.host !== '127.0.0.1') {
     throw new Error('SecurityError: An insecure SockJS connection may not be initiated from a page loaded over HTTPS');
   }