Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

laravel mix function has no secure option #744

Closed
kasperpeulen opened this issue Apr 25, 2017 · 5 comments
Closed

laravel mix function has no secure option #744

kasperpeulen opened this issue Apr 25, 2017 · 5 comments

Comments

@kasperpeulen
Copy link

kasperpeulen commented Apr 25, 2017
edited
Loading

So I use this mix function:

    <script src="{{ mix('js/app.js') }}"></script>

But it always points to http://localhost:8080/js/app.js. But I'm using valet secure in combination with the following npm hot command:

    "hot": "cross-env NODE_ENV=development node_modules/webpack-dev-server/bin/webpack-dev-server.js 
--inline --open --hot --https 
--cert=/Users/Kasper/.localhost-ssl/cert.pem --key=/Users/Kasper/.localhost-ssl/key.pem 
--config=node_modules/laravel-mix/setup/webpack.config.js"

The http url seems to be hardcoded:

        if (file_exists(public_path($manifestDirectory.'/hot'))) {
            return new HtmlString("http://localhost:8080{$path}");
        }

Maybe add an secure option?
@OwenMelbz
Copy link

Just hit the same issue this morning

@OwenMelbz
Copy link

After more investigation, with the hope to add a simple PR, the problem seems much deeper.

As you said @kasperpeulen theres lots of hardcoded things that make it unusable in many circumstances.

For example on OSX theres port range restrictions for non-sudo. Meaning that users who have got port 8080 forward to 80 to be able to serve websites without sudo access cant use it either.

So issues I've spotted are

Laravel itself has some issues in laravel/framework/src/Illuminate/Foundation/helpers.php as it hardcodes http://localhost:8080 - which isnt ssl - this could be resolved by something like

if (file_exists(public_path($manifestDirectory.'/hot'))) {
            $hotProtocol = request()->secure() ? 'https' : 'http';
            return new HtmlString("{$hotProtocol}://localhost:8080{$path}");
}

Which I've submitted a PR for laravel/framework#18943

To enable SSL on HMR without using a fluent method you can do

mix.webpackConfig({
    devServer: {
        https: true,
        port: 9999
    }
});

However the laravel helper does not respect the properties defined here - I think the mix-manifest.json or the public/hot file should contain the devServer config in it, so the mix helper can pull out the port and include that in your application.

@JeffreyWay does this seem like a possibility?

@OwenMelbz
Copy link

Another update

Just noticed 6 days ago there were some https bits added c74d71d

@kasperpeulen
Copy link
Author

I think your PR would do the trick, I override the mix helper function, like you suggested, and now everything works here. Thanks @OwenMelbz

@JeffreyWay
Copy link
Collaborator

Looks like that mix PR got merged. Thanks so much.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JeffreyWay @kasperpeulen @OwenMelbz