Skip to content

origin header of "file://" always rejected #3821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 of 2 tasks
tom-james-watson opened this issue Sep 9, 2021 · 3 comments · Fixed by #3822
Closed
1 of 2 tasks

origin header of "file://" always rejected #3821

tom-james-watson opened this issue Sep 9, 2021 · 3 comments · Fixed by #3822

Comments

@tom-james-watson
Copy link

tom-james-watson commented Sep 9, 2021
edited
Loading

Web socket connections from an Electron BrowserWindow always have a origin header of file://. Connections to the devServer websocket server are always rejected unless you set allowedHosts: "all".

This is because this code always fails, returning a Invalid Host/Origin header error. Digging into the code a bit, it's because this code always resolves hostname as '' for origin: file://, meaning that it's impossible to add anything to allowedHosts that would match in this loop.

I suggest modifying the logic of this method to treat file:// as localhost.

  • This is a bug
  • This is a modification request

Code

N/A

Please paste the results of npx webpack-cli info here, and mention other relevant information

  System:
    OS: Linux 5.11 Ubuntu 21.04 (Hirsute Hippo)
    CPU: (12) x64 Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Memory: 4.98 GB / 31.02 GB
  Binaries:
    Node: 14.17.3 - /usr/local/bin/node
    Yarn: 1.22.5 - ~<redacted>/node_modules/.bin/yarn
    npm: 6.14.13 - /usr/local/bin/npm
  Browsers:
    Chrome: 93.0.4577.63
    Firefox: 91.0.2
  Packages:
    fork-ts-checker-webpack-plugin: ^6.3.3 => 6.3.3 
    optimize-css-assets-webpack-plugin: ^6.0.1 => 6.0.1 
    terser-webpack-plugin: ^5.2.3 => 5.2.3 
    tsconfig-paths-webpack-plugin: ^3.5.1 => 3.5.1 
    webpack: ^5.52.0 => 5.52.0 
    webpack-bundle-analyzer: ^4.4.2 => 4.4.2 
    webpack-cli: ^4.8.0 => 4.8.0 
    webpack-dev-server: ^4.1.1 => 4.1.1 
    webpack-merge: ^4.2.2 => 4.2.2

Expected Behavior

That I can specify something in allowedHosts to be able to accept requests from Electron BrowserWindows where origin header is file://.

Actual Behavior

This is not possible

For Bugs; How can we reproduce the behavior?

N/A

For Features; What is the motivation and/or use-case for the feature?

To be able to use webpack dev server without having to have the websocket server open to the world.
@alexander-akait
Copy link
Member

Please use the issue template

@tom-james-watson
Copy link
Author

I've updated the issue description.

@alexander-akait alexander-akait mentioned this issue Sep 9, 2021
Merged
6 tasks
@tom-james-watson
Copy link
Author

Great - thank you for the insanely quick turnaround ❤️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: accept connections with file: and chrome-extensions: protoco… webpack/webpack-dev-server
2 participants
@tom-james-watson @alexander-akait