Skip to content
This repository has been archived by the owner on Apr 8, 2020. It is now read-only.

Mixed Content over HTTPS #450

Closed
aaltotsky opened this issue Nov 20, 2016 · 7 comments
Closed

Mixed Content over HTTPS #450

aaltotsky opened this issue Nov 20, 2016 · 7 comments

Comments

@aaltotsky
Copy link

I have to use HTTPS (with localhost) for server authentication using:

// Require SSL
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
});

I'm using the UseWebpackDevMiddleware as:

app.UseWebpackDevMiddleware(new WebpackDevMiddlewareOptions
                {
                    HotModuleReplacement = true
                });

When I open browser, I'm getting the following error:

Mixed Content: The page at 'https://localhost:44359/home' was loaded over HTTPS, but requested an insecure EventSource endpoint 'http://localhost:50286/__webpack_hmr'. This request has been blocked; the content must be served over HTTPS.

How could I instruct WebpackDevMiddleware to use HTTPS and not HTTP protocol? Is there a parameter that I should use?
@mattburrell
Copy link

http looks hard-coded in the WebpackDevMiddleware class. @SteveSandersonMS is there a reason for this?

https://github.com/aspnet/JavaScriptServices/blob/master/src/Microsoft.AspNetCore.SpaServices/Webpack/WebpackDevMiddleware.cs

@MarkPieszak
Copy link
Contributor

If I remember right there was no easy way to get webpack HMR to be https through this pipeline. But I can't find the previous discussion about it.

@aaltotsky
Copy link
Author

There is a parameter to replace server port in the dev branch:
https://github.com/aspnet/JavaScriptServices/blob/dev/src/Microsoft.AspNetCore.SpaServices/Webpack/WebpackDevMiddlewareOptions.cs

But I have not found a way to supply https protocol. @MarkPieszak: I will appreciate any help on this. Currently, the HMR is not working as HTTP is blocked by the chrome browser.

@mattburrell
Copy link

@aaltotsky Could you not disable https during development? Maybe toggle using an environment variable. That's what I'm having to do.

@boban100janovski
Copy link

boban100janovski commented Nov 21, 2016
edited
Loading

There is an existing issue about this #271

.net core 1.1 is supposed to have part of the fix ... so hopefully we will get this soon.

Till then i launch chrome like this :
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/Chrome dev session" --disable-web-security --allow-running-insecure-content"

So HMR will work.

I don't know if other browsers have some similar option

@SteveSandersonMS
Copy link
Member

is there a reason for this?

There are always reasons :) See #271.

It should be possible for us to fix #271 soon now that .NET Core 1.1 has shipped.

@aaltotsky
Copy link
Author

Thank you, @boban984. Your solution is working for me. I added a "new browser" to Visual studio 2015 (as Chrome-Unsecured) under IIS Express menu and now I'm able to run HMR.

@MarkPieszak MarkPieszak mentioned this issue Dec 30, 2016
Closed
@awaisab172 awaisab172 mentioned this issue Nov 16, 2022
Open
@awaisab172 awaisab172 mentioned this issue Nov 29, 2022
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@SteveSandersonMS @boban100janovski @mattburrell @MarkPieszak @aaltotsky