New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ssl path #942

merged 2 commits into from Jun 14, 2017


None yet
3 participants

shellscape commented Jun 13, 2017

What kind of change does this PR introduce?
Removes the in-repo SSL Cert

Did you add or update the examples/?

Replaces the use of the in-repo ssl certificate in favor of certs generated on a 30 day cycle, per-instance of webpack-dev-server.

Does this PR introduce a breaking change?

Other information
See @TheLarkInn

@shellscape shellscape requested a review from TheLarkInn Jun 13, 2017


This comment has been minimized.

codecov bot commented Jun 13, 2017

Codecov Report

Merging #942 into master will decrease coverage by 2.32%.
The diff coverage is 33.33%.

Impacted file tree graph

@@            Coverage Diff            @@
##           master    #942      +/-   ##
- Coverage   73.62%   71.3%   -2.33%     
  Files           4       4              
  Lines         436     453      +17     
  Branches      130     133       +3     
+ Hits          321     323       +2     
- Misses        115     130      +15
Impacted Files Coverage Δ
lib/Server.js 79.17% <33.33%> (-3.83%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 662bc31...25e1098. Read the comment docs.


sokra approved these changes Jun 14, 2017

@shellscape shellscape merged commit 9a7693c into master Jun 14, 2017

3 of 5 checks passed

codecov/patch 33.33% of diff hit (target 73.62%)
codecov/project 71.3% (-2.33%) compared to 662bc31
codacy/pr Good work! A positive pull request.
continuous-integration/travis-ci/pr The Travis CI build passed
licence/cla Contributor License Agreement is signed.

@shellscape shellscape deleted the ssl-path branch Jun 14, 2017


This comment has been minimized.


shellscape commented Jun 14, 2017

(should've squashed, my bad)


This comment has been minimized.

perlun commented Apr 16, 2018

Coming in late here - doesn't this mean that you have to re-trust the localhost cert (i.e. add it to Keychain Access if using Chrome) every month if you want to get rid of SSL warnings in the browser? (According to my April 2018 experience, Chrome doesn't trust localhost self-signed certificates unless you add it to the CA root list on the machine, or enable the chrome://flags/#allow-insecure-localhost setting.)


This comment has been minimized.


shellscape commented Apr 16, 2018

Heh, yeah nearly a year late. See: After much discussion between security experts and the webpack team, this was the solution arrived upon. Not here to debate the merits at this point, (and I no longer maintain this repo) only sharing info.


This comment has been minimized.

perlun commented Apr 17, 2018

@shellscape Thanks for the link and the clarification. Hehe, I'm not even a webpack user myself. 😉 But is implementing SSL support in our Ruby-based application framework and stumbled on this post. I respect the decisions taken by the people you refer to, just thought about the implications. But, the PR also suggests to "manage your own certificate" which makes sense.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment