search

dart-lang / webdev

A CLI for Dart web development.
https://pub.dev/packages/webdev
212 stars 75 forks source link

Can't load debug build over https (upgrade websocket to secure) #2435

Open jhaglund opened 6 months ago

jhaglund commented 6 months ago

The debug builds use insecure websockets to communicate with the debugger. I setup an nginx proxy to serve my build over https, to enable APIs to set secure cookies.

Serving the page over https means insecure protocols are not allowed but the debugger is connecting to ws:// insecure websockets, crashing the app and causing the loading bar to run forever.

The browser error message is: The page at 'https://site.local/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://site.local:44444/$dwdsSseHandler'. This request has been blocked; this endpoint must be available over WSS.

If supporting WSS is too much (because of certificates or something), could we get an argument to configure the debugger endpoint like: --debug-dart-url wss://site.local/$dwdsSseHandler

I would then configure nginx proxy wss://site.local requests to ws://site.local:44444

jhaglund commented 6 months ago

In addition to the browser's native error there was this error

Unhandled error detected in the injected client.js script.

You can disable this script in webdev by passing --no-injected-client if it
is preventing your app from loading, but note that this will also prevent
all debugging and hot reload/restart functionality from working.

The original error is below, please file an issue at
https://github.com/dart-lang/webdev/issues/new and attach this output:

SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
Error: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
    at Object.HtmlWebSocketChannel$connect (https://site.local/dwds/src/injected/client.js:9617:19)
    at https://site.local/dwds/src/injected/client.js:25846:106
    at _wrapJsFunctionForAsync_closure.$protected (https://site.local/dwds/src/injected/client.js:4049:15)
    at _wrapJsFunctionForAsync_closure.call$2 (https://site.local/dwds/src/injected/client.js:12422:12)
    at Object._asyncStartSync (https://site.local/dwds/src/injected/client.js:4013:20)
    at main_closure.call$0 (https://site.local/dwds/src/injected/client.js:25904:16)
    at StaticClosure._rootRun (https://site.local/dwds/src/injected/client.js:4416:16)
    at _CustomZone.run$1$1 (https://site.local/dwds/src/injected/client.js:13809:39)
    at Object.runZonedGuarded (https://site.local/dwds/src/injected/client.js:4527:88)
    at main (https://site.local/dwds/src/injected/client.js:9675:16)
    at https://site.local/dwds/src/injected/client.js:27966:7
    at https://site.local/dwds/src/injected/client.js:27949:7
    at dartProgram (https://site.local/dwds/src/injected/client.js:27960:5)
    at https://site.local/dwds/src/injected/client.js:27968:3
jmiller-pwi commented 5 months ago

Experiencing this issue as well. See related #2444