Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow http: connection to 127.0.0.1 #2302

Closed
1 of 2 tasks
nougad opened this issue Nov 3, 2019 · 1 comment · Fixed by #2303, alfill/qr-code-scanner#6 or CollageLabs/collagelabs.org#60 · May be fixed by saurabharch/react-ecommerce#5 or raindigi/eShopOnContainers#2
Closed
1 of 2 tasks

Allow http: connection to 127.0.0.1 #2302

nougad opened this issue Nov 3, 2019 · 1 comment · Fixed by #2303, alfill/qr-code-scanner#6 or CollageLabs/collagelabs.org#60 · May be fixed by saurabharch/react-ecommerce#5 or raindigi/eShopOnContainers#2

Comments

@nougad
Copy link
Contributor

nougad commented Nov 3, 2019

  • This is a bug
  • This is a modification request

Code

// webpack.config.js

...
devServer: {
  disableHostCheck: true,
  public: "http://127.0.0.1:3333",
  port: 3333,
  host: "127.0.0.1"
}

Expected Behavior

Site is loaded via https://, dev-server is running on http://127.0.0.1:3333. I expect I can connect with Chrome and Firefox because http:// should be allowed for 127.0.0.1 without errors.

Actual Behavior

Webpack overrides the protocol with https:: https://github.com/webpack/webpack-dev-server/blob/master/client-src/default/utils/createSocketUrl.js#L47-L56

Which results in wrong protocol error.

For Features; What is the motivation and/or use-case for the feature?

Chrome and Firefox accept http:// connection to 127.0.0.1 even when the actual website is loaded via https://:

> window.location
... some site with https (and without CORS, otherwise 127.0.0.1 will get CORS errors)
> fetch('http://example.org');
... will fail because mixed content is not allowed
> fetch('http://127.0.0.1');
... works

But webpack-dev-server forces https: https://github.com/webpack/webpack-dev-server/blob/master/client-src/default/utils/createSocketUrl.js#L47-L56

I assume the check should be:

  if (
    hostname &&
    hostname !== '127.0.0.1' && ## line added
    (self.location.protocol === 'https:' || urlParts.hostname === '0.0.0.0')
  ) {
    protocol = self.location.protocol;
  }

slightly related:
nougad added a commit to nougad/webpack-dev-server that referenced this issue Nov 5, 2019
@nougad
fix(client): don't override protocol for socket connection to 127.0.0.1
2bc4dd4 
Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes webpack#2302
@nougad nougad mentioned this issue Nov 5, 2019
Merged
6 tasks
nougad added a commit to nougad/webpack-dev-server that referenced this issue Nov 10, 2019
@nougad
fix(client): don't override protocol for socket connection to 127.0.0.1
75e620a 
Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes webpack#2302
nougad added a commit to nougad/webpack-dev-server that referenced this issue Nov 25, 2019
@nougad
fix(client): don't override protocol for socket connection to 127.0.0.1
7a610c2 
Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes webpack#2302
hiroppy pushed a commit that referenced this issue Nov 29, 2019
@nougad @hiroppy
fix(client): don't override protocol for socket connection to 127.0.0…
3a31917 
….1 (#2303)

Chrome and Firefox accept `http://`/`ws://` mixed-content connection to
`127.0.0.1` even when the actual website is loaded via `https://`.

Fixes #2302
@bioPorco bioPorco mentioned this issue Dec 17, 2019
Closed
2 tasks
@snyk-bot snyk-bot mentioned this issue Dec 31, 2019
Merged
This was referenced Feb 22, 2020
Open
Open
@ramblingenzyme
Copy link

Hi, I have a few questions about this:

  • Can this fix be applied to localhost?
  • What's the intent of the behaviour of matching the host's protocol even if the dev server runs on a different one?
  • Can the socket endpoint be exposed on http when you've got https enabled?

Regards,
Satvik Sharma
Developer, Easy Agile

@snyk-bot snyk-bot mentioned this issue Mar 5, 2020
Open
@vpetersson vpetersson mentioned this issue Mar 6, 2020
Closed
This was referenced Mar 13, 2020
Open
Closed
Open
@snyk-bot snyk-bot mentioned this issue Mar 21, 2020
Closed
This was referenced Apr 4, 2020
Merged
Open
This was referenced May 5, 2020
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(client): don't override protocol for socket connection to 127.0.0.1 nougad/webpack-dev-server
[Snyk] Upgrade webpack-dev-server from 3.9.0 to 3.10.1 alfill/qr-code-scanner
[Snyk] Upgrade webpack-dev-server from 3.7.2 to 3.10.3 CollageLabs/collagelabs.org
[Snyk] Upgrade webpack-dev-server from 3.2.1 to 3.10.2 saurabharch/react-ecommerce
[Snyk] Upgrade webpack-dev-server from 3.1.14 to 3.10.2 raindigi/eShopOnContainers
[Snyk] Upgrade webpack-dev-server from 3.1.10 to 3.10.3 sarvaniupadrasta/learnReact
[Snyk] Upgrade webpack-dev-server from 3.0.0 to 3.10.3 DmytroSkrypnyk/test_bootstrap
[Snyk] Upgrade webpack-dev-server from 3.2.1 to 3.10.3 drich7449/create-react-app
[Snyk] Upgrade webpack-dev-server from 3.9.0 to 3.10.3 cds-snc/webpack-starter
[Snyk] Upgrade webpack-dev-server from 3.1.8 to 3.10.3 Barnstorm-Online/barnstorm-cli
2 participants
@nougad @ramblingenzyme