Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is it possible to allow 127.0.0.1 when accessed under secure domain? #486

Closed
cyjake opened this issue Sep 16, 2019 · 1 comment
Closed

Is it possible to allow 127.0.0.1 when accessed under secure domain? #486

cyjake opened this issue Sep 16, 2019 · 1 comment

Comments

@cyjake
Copy link

cyjake commented Sep 16, 2019

Chrome allows loading resources from http://127.0.0.1 AFAICT and it helps local developments a lot. webpack-dev-server usually serves resources at http://127.0.0.1 also (and sometimes on a different port against the main express/egg service for better build performance).
@nougad
Copy link

nougad commented Nov 3, 2019

Any update here? By now http://127.0.0.1 works in Firefox as well.

It looks like this line requires an update:

sockjs-client/lib/main.js

Lines 77 to 81 in 89f0128

var secure = parsedUrl.protocol === 'https:';
// Step 2 - don't allow secure origin with an insecure protocol
if (loc.protocol === 'https:' && !secure) {
throw new Error('SecurityError: An insecure SockJS connection may not be initiated from a page loaded over HTTPS');
}

Instead of !secure it should be something like:

if (loc.protocol === 'https:' && parsedUrl.hostname !== '127.0.0.1' && !secure) {

@nougad nougad mentioned this issue Nov 3, 2019
Closed
2 tasks
@cyjake cyjake mentioned this issue Jun 8, 2020
Closed
@chenchangping chenchangping mentioned this issue Jan 9, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: allow accessing http://127.0.0.1 from https page cyjake/sockjs-client
2 participants
@nougad @cyjake