Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow http: connection to 127.0.0.1 #2302

Closed
1 of 2 tasks
nougad opened this issue Nov 3, 2019 · 1 comment · Fixed by #2303, alfill/qr-code-scanner#6 or CollageLabs/collagelabs.org#60 · May be fixed by saurabharch/react-ecommerce#5 or raindigi/eShopOnContainers#2
Closed
1 of 2 tasks

Comments

@nougad
Copy link
Contributor

nougad commented Nov 3, 2019

  • This is a bug
  • This is a modification request

Code

// webpack.config.js

...
devServer: {
  disableHostCheck: true,
  public: "http://127.0.0.1:3333",
  port: 3333,
  host: "127.0.0.1"
}

Expected Behavior

Site is loaded via https://, dev-server is running on http://127.0.0.1:3333. I expect I can connect with Chrome and Firefox because http:// should be allowed for 127.0.0.1 without errors.

Actual Behavior

Webpack overrides the protocol with https:: https://github.com/webpack/webpack-dev-server/blob/master/client-src/default/utils/createSocketUrl.js#L47-L56

Which results in wrong protocol error.

For Features; What is the motivation and/or use-case for the feature?

Chrome and Firefox accept http:// connection to 127.0.0.1 even when the actual website is loaded via https://:

> window.location
... some site with https (and without CORS, otherwise 127.0.0.1 will get CORS errors)
> fetch('http://example.org');
... will fail because mixed content is not allowed
> fetch('http://127.0.0.1');
... works

But webpack-dev-server forces https: https://github.com/webpack/webpack-dev-server/blob/master/client-src/default/utils/createSocketUrl.js#L47-L56

I assume the check should be:

  if (
    hostname &&
    hostname !== '127.0.0.1' && ## line added
    (self.location.protocol === 'https:' || urlParts.hostname === '0.0.0.0')
  ) {
    protocol = self.location.protocol;
  }

slightly related:

nougad added a commit to nougad/webpack-dev-server that referenced this issue Nov 5, 2019
Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes webpack#2302
nougad added a commit to nougad/webpack-dev-server that referenced this issue Nov 10, 2019
Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes webpack#2302
nougad added a commit to nougad/webpack-dev-server that referenced this issue Nov 25, 2019
Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes webpack#2302
hiroppy pushed a commit that referenced this issue Nov 29, 2019
….1 (#2303)

Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes #2302
@ramblingenzyme
Copy link

Hi, I have a few questions about this:

  • Can this fix be applied to localhost?
  • What's the intent of the behaviour of matching the host's protocol even if the dev server runs on a different one?
  • Can the socket endpoint be exposed on http when you've got https enabled?

Regards,
Satvik Sharma
Developer, Easy Agile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment