Closed
Description
- This is a bug
- This is a modification request
Code
// webpack.config.js
...
devServer: {
disableHostCheck: true,
public: "http://127.0.0.1:3333",
port: 3333,
host: "127.0.0.1"
}Expected Behavior
Site is loaded via https://, dev-server is running on http://127.0.0.1:3333. I expect I can connect with Chrome and Firefox because http:// should be allowed for 127.0.0.1 without errors.
Actual Behavior
Webpack overrides the protocol with https:: https://github.com/webpack/webpack-dev-server/blob/master/client-src/default/utils/createSocketUrl.js#L47-L56
Which results in wrong protocol error.
For Features; What is the motivation and/or use-case for the feature?
Chrome and Firefox accept http:// connection to 127.0.0.1 even when the actual website is loaded via https://:
> window.location
... some site with https (and without CORS, otherwise 127.0.0.1 will get CORS errors)
> fetch('http://example.org');
... will fail because mixed content is not allowed
> fetch('http://127.0.0.1');
... works
But webpack-dev-server forces https: https://github.com/webpack/webpack-dev-server/blob/master/client-src/default/utils/createSocketUrl.js#L47-L56
I assume the check should be:
if (
hostname &&
hostname !== '127.0.0.1' && ## line added
(self.location.protocol === 'https:' || urlParts.hostname === '0.0.0.0')
) {
protocol = self.location.protocol;
}
slightly related:
- If
transportModewithsockjsis used this will block the request: Is it possible to allow 127.0.0.1 when accessed under secure domain? sockjs/sockjs-client#486 - If
transportModewithwsis used it works in Chrome but FF request at least version 70: https://bugzilla.mozilla.org/show_bug.cgi?id=1376309
Metadata
Metadata
Assignees
Labels
No labels