Ssl path #942

Merged
merged 2 commits into from Jun 14, 2017

shellscape commented Jun 13, 2017

What kind of change does this PR introduce?
Removes the in-repo SSL Cert

Did you add or update the examples/?

Summary
Replaces the use of the in-repo ssl certificate in favor of certs generated on a 30 day cycle, per-instance of webpack-dev-server.

Does this PR introduce a breaking change?
Negatory

Other information
See @TheLarkInn

@shellscape shellscape requested a review from TheLarkInn Jun 13, 2017

codecov bot commented Jun 13, 2017

Codecov Report

Merging #942 into master will decrease coverage by 2.32%.
The diff coverage is 33.33%.

@@            Coverage Diff            @@
##           master    #942      +/-   ##
=========================================
- Coverage   73.62%   71.3%   -2.33%     
=========================================
  Files           4       4              
  Lines         436     453      +17     
  Branches      130     133       +3     
=========================================
+ Hits          321     323       +2     
- Misses        115     130      +15
Impacted Files Coverage Δ
lib/Server.js 79.17% <33.33%> (-3.83%) ⬇️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 662bc31...25e1098.

sokra approved these changes Jun 14, 2017

@shellscape shellscape merged commit 9a7693c into master Jun 14, 2017

3 of 5 checks passed

codecov/patch 33.33% of diff hit (target 73.62%)
codecov/project 71.3% (-2.33%) compared to 662bc31
codacy/pr Good work! A positive pull request.
continuous-integration/travis-ci/pr The Travis CI build passed
licence/cla Contributor License Agreement is signed.

@shellscape shellscape deleted the ssl-path branch Jun 14, 2017

shellscape commented Jun 14, 2017

(should've squashed, my bad)

perlun commented Apr 16, 2018

Coming in late here - doesn't this mean that you have to re-trust the localhost cert (i.e. add it to Keychain Access if using Chrome) every month if you want to get rid of SSL warnings in the browser? (According to my April 2018 experience, Chrome doesn't trust localhost self-signed certificates unless you add it to the CA root list on the machine, or enable the chrome://flags/#allow-insecure-localhost setting.)

shellscape commented Apr 16, 2018

Heh, yeah nearly a year late. See: https://medium.com/@mikenorth/webpack-preact-cli-vulnerability-961572624c54. After much discussion between security experts and the webpack team, this was the solution arrived upon. Not here to debate the merits at this point, (and I no longer maintain this repo) only sharing info.

perlun commented Apr 17, 2018

@shellscape Thanks for the link and the clarification. Hehe, I'm not even a webpack user myself. 😉 But I am implementing SSL support in our Ruby-based application framework and stumbled on this post. I respect the decisions taken by the people you refer to, just thought about the implications. But, the PR also suggests to "manage your own certificate" which makes sense.
