search

NekR / offline-plugin

Offline plugin (ServiceWorker, AppCache) for webpack (https://webpack.js.org/)
MIT License
4.52k stars 295 forks source link

offline-plugin on virtual host #332

Open niels-garve opened 6 years ago

niels-garve commented 6 years ago

Hi,

I'm currently developing a website that runs on a virtual host on my local machine without HTTPS.

Google Chrome treats my virtual host as unsecure and won't install a Service Worker. This is totally fine due to their documentation:

“Secure origins” are origins that match at least one of the following (scheme, host, port) patterns:

  • (https, , )
  • (wss, , )
  • (, localhost, )
  • (, 127/8, )
  • (, ::1/128, )
  • (file, *, —)
  • (chrome-extension, *, —)

But there's the possibility to open Chrome via Terminal and by using --unsafely-treat-insecure-origin-as-secure=http://virtual-host.test, which makes Chrome treat the provided origin as secure.

Now, if I call navigator.serviceWorker.register('/sw.js');, Chrome installs the Service Worker on my local website with virtual host - while the offline-plugin won't. I did a little research and found the hasSW-method:

function hasSW() {
  return 'serviceWorker' in navigator &&
    // This is how I block Chrome 40 and detect Chrome 41, because first has
    // bugs with history.pustState and/or hashchange
    (window.fetch || 'imageRendering' in document.documentElement.style) &&
    (window.location.protocol === 'https:' || window.location.hostname === 'localhost' || window.location.hostname.indexOf('127.') === 0)
}

I see that you added the patterns from the Chrome docs - that's nice! Do you see any chance to set an option like unsafelyTreatInsecureOriginAsSecure? To be able to trust virtual hosts without installing locally self-signed certificates?

Thank you so much!

Kind regards, Niels

niels-garve commented 6 years ago

As a quick fix I made a fork where I removed the line (window.location.protocol === 'https:' || window.location.hostname === 'localhost' || window.location.hostname.indexOf('127.') === 0).

One could argue, if this could also be a solution: leave it up to the browsers whether to execute a Service Worker or not. What do you think?

vkosovskikh commented 5 years ago

Same thing. The option is super needed.

GGAlanSmithee commented 5 years ago

I have no insight to this issue, is there a PR regarding this anywhere, would someone submit one?