Force-ssl does not count ::1 (IPv6 loopback) as a local address, which leads to an unwanted redirect in development environment (fix is available) #1751

Closed
yeputons opened this issue Jan 12, 2014 · 1 comment


@yeputons yeputons commented Jan 12, 2014

It's a copy of sdarnell/meteor#28:

On my system (Windows 7, which supports IPv6) the default outgoing address is ::1 (IPv6's equivalent of 127.0.0.1). Therefore, in force-ssl/force-ssl-server.js:18 the remoteAddress variable has 127.0.0.1, but x-forwarded-for is ::1, which is, obviously, not equal to 127.0.0.1.

This leads to a forced redirect to https in the development environment without even a port (just to https://localhost/), and nobody is listening on 443.

Not sure if it's a Windows-only bug, because Linux supports IPv6 as well. It's already fixed in sdarnell@f9e2e2c (fixed in sdarnell/meteor#29).


@glasser glasser commented Jan 15, 2014

OK, this seems reasonable. Can you file this as a PR?

Also, it seems like the regexp should have ^ and $; it's weird and probably a bug that the existing regexp didn't. Can you add that (and verify it)?

(Really, this whole block should be dropped and packages should just be able to detect `meteor run` (local development mode). We need to design an API or env var for that though. Something like a simpler version of #243)
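
An added example of the loopback check discussed in this thread, showing why the pattern needs both `::1` and the `^`/`$` anchors. It is not Meteor's code or the code from the linked fix; the patterns, function names and sample addresses are assumptions constructed for illustration.

```javascript
// Added example; not the force-ssl source. All names here are hypothetical.

// Anchored: the whole string must be one of the loopback spellings.
// Covers IPv4 loopback, IPv6 loopback, and the IPv4-mapped IPv6 form.
const LOOPBACK = /^(?:127\.0\.0\.1|::1|::ffff:127\.0\.0\.1)$/i;

// Same alternatives without ^ and $, kept only to show the difference.
const LOOPBACK_UNANCHORED = /127\.0\.0\.1|::1/;

function isLoopback(addr) {
  return typeof addr === 'string' && LOOPBACK.test(addr.trim());
}

// A connection counts as local only if the socket peer is loopback and,
// when an x-forwarded-for header is present, every hop in it is loopback.
// (Treating an absent header as local is an assumption of this example.)
function isLocalConnection(remoteAddress, xForwardedFor) {
  if (!isLoopback(remoteAddress)) return false;
  if (!xForwardedFor) return true;
  return String(xForwardedFor).split(',').every(isLoopback);
}

// Constructed sample values (documentation address ranges only).
const SAMPLES = [
  { remote: '127.0.0.1', xff: '::1' },          // the case from this issue
  { remote: '127.0.0.1', xff: undefined },
  { remote: '::1', xff: '127.0.0.1' },
  { remote: '127.0.0.1', xff: '2001:db8::1' },  // not loopback, but contains "::1"
  { remote: '127.0.0.1', xff: '203.0.113.9, 127.0.0.1' },
  { remote: '203.0.113.9', xff: undefined },
];

// Compare the anchored check with what the unanchored pattern would accept.
function compare() {
  return SAMPLES.map(({ remote, xff }) => ({
    remote,
    xff,
    anchored: isLocalConnection(remote, xff),
    unanchored: LOOPBACK_UNANCHORED.test(remote) &&
      (!xff || LOOPBACK_UNANCHORED.test(xff)),
  }));
}

console.table(compare());
```

The fourth and fifth rows are the ones the anchors exist for: the unanchored pattern treats them as local, so a non-local request would skip the HTTPS redirect.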
