WDS entry protocol incorrectly changed to https when using a reverse proxy web server #863
Comments
joews
added a commit
to joews/webpack-dev-server
that referenced
this issue
Mar 29, 2017
* webpack#863 WDS changes the entry protocol based on the serving page to avoid security exceptions. This doesn't work in our case because WDS is fronted by a HTTPS web server, but WDS itself is running HTTP. A better solution for our setup right now is to avoid the check and accept a security exception in dev. The issue outlines a suggested fix which I will implement if there is interest.
|
We'd happily review a Pull Request for this issue. |
|
@joews this ticket is stale at almost 6 months and will be closed if there's no response from the community. last chance to weigh in 😅 |
|
@shellscape thanks for the ping! I'll put together a PR. Thanks 😄 |
|
@joews please note if we reach the 30 day mark from the stale notice that we'll be closing this as abandoned. |
|
It looks like this issue has gone stale/abandoned. It's also worth noting that version 3 won't suffer from the same issue. If anyone gets the urge to put together a PR for the 2.x branch, we can reopen and evaluate. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Do you want to request a feature or report a bug?
Edge case bug + suggested feature to fix
What is the current behavior?
When WDS serves HTTP and is fronted by a web server that serves HTTPS, WDS overrides the client script entry URL to always use
https(#592). This is incorrect in this case because WDS is serving HTTP.N.B. Browsers mark HTTP requests from HTTPS pages as a security violation, but it is possible add an exception. It's not ideal but I think that's acceptable in a dev environment.
I think the aim of #592 could be met and this issue avoided by changing protocol override check:
https: truehttp:1and2, change the entry URL to usehttps:.This fixes the case where WDS is misconfigured, but allows other setups to use the specified entry point regardless of the actual URL the app is served at.
If this fix sounds good, or if there is an alternative, I will submit a PR.
If the current behavior is a bug, please provide the steps to reproduce.
3000with entrywebpack-dev-server/client?http://localhost:3000https://localhost/wds-test-app/*tohttp://localhost:3000.https://localhost/wds-test-app.WDS will request
https://localhost:3024/sockjs-node/info?t=...- notehttpsinstead ofhttp.I can provide a gist that mimics this with an express proxy server if that would be useful.
What is the expected behavior?
WDS will request the protocol and hostname from the entry point. When the app first loads I will see a browser security warning, which I will dismiss in this case.
For example in Chrome:
If this is a feature request, what is motivation or use case for changing the behavior?
To enable the use of WDS behind a web server.
I think this is quite common where apps assume a front web server for TLS termination/auth, load balancing or user sharding.
Please mention your webpack and Operating System version.
webpack-dev-server@2.4.2
webpack@2.3.0
MacOS 10.12.3
The text was updated successfully, but these errors were encountered: