-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add app-content-pages dev server with devcert #4004
Conversation
Noticed the app-project package.json has |
Devcert isn't well maintained nowadays, so I'm not sure how much to trust it. If you do use it to generate a local certificate, I'd personally recommend removing the local CA that it installs, just for the peace of mind of knowing that your browser isn't using an untrusted CA to validate certifcates. |
devcert was pinned to a specific version in #3118, to avoid a bug in 1.2.1, and never changed back. |
Dependabot bumped it to 1.2.2 in #3297 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! I'm able to login with my account for staging while running app-content-pages locally. Noting that this will not work if running locally on a mobile device (and it's not expected to) due to the CORS error noted in the Readme.
I'd vote for removing devcert completely, since it isn't well maintained any more and it bypasses the browser's untrusted certificate warning (unless you remove the CA that it installs.) |
@eatyourgreens if devcert is removed from both app-project and app-content-pages, what is your suggested solution to enabling sign-in while developing locally? |
@eatyourgreens - is there an alternative to devcert or a different way to run the FEM apps locally with Panoptes authentication? I'll create an issue to remove devcert so we can document, further discuss, and prioritize accordingly. |
At the moment I use the certificate for |
Thinking about it, a better solution would be for us to generate a real certificate for |
I'm also assuming that the certificate for the project app can be re-used with the content pages app, since they run on the same domain locally. |
I've opened #4103 to help document and discuss a way forward towards not using devcert. Thank you @eatyourgreens for highlighting the issues with devcert and the importance of removing the related CA cert. I'll likely merge this PR later today to continue progress on notifications in app-content-pages (update #4010 ). |
Package
Why and Context
Describe your changes
yarn dev
How to Review
Helpful explanations that will make your reviewer happy:
yarn dev
Checklist
PR Creator - Please cater the checklist to fit the review needed for your code changes.
PR Reviewer - Use the checklist during your review. Each point should be checkmarked or discussed before PR approval.
General
yarn panic && yarn bootstrap
ordocker-compose up --build
and FEM works as expectedNew Feature
Refactoring