search

smartlook / smartlook-client

Official Smartlook client for easy frontend integration.
https://smartlook.com
MIT License
26 stars 9 forks source link

Localhost not possible without https #50

Closed CruzGil closed 1 day ago

CruzGil commented 2 weeks ago

https://github.com/smartlook/smartlook-client/blob/2f9d17d86f459dfa4a7d72107924dfe3c4c4c284/index.ts#L107C38-L107C42

It should be .origin and not .host.

Without return http:// it is not possible to use localhost without SSL.

Also here written: https://github.com/smartlook/smartlook-relay-proxy/issues/283

Joozty commented 5 days ago

Hi @CruzGil ,

Thank you for the report. Unfortunately, the fix @mrcwbr provided will not help as HTTPS is hardcoded in our SDK bundle, which is not a part of this repository. It is loaded as a script.

Don't worry, we can make it work. First, I would like to understand your use case. Is it correct to assume you need localhost for testing the setup, or is there another use case? I am just curious to understand the need.

CruzGil commented 5 days ago

Hello @Joozty

Thank you for your answer.

But I have to disagree. I know that another script is used in the background. In my case the es6/init.30fa4f337832683ccad3.js

I looked at it and understood the logic. (It wasn't easy in the minified code :D) There is a place there that adds the protocol if it is not present. A large regex command decides it:

\w+)?\//,/:\/\/172.(16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31).\w+.\w+(:\w+)?\//,/:\/\/192.168(.\w+){2}(:\w+)?\//,/:\/\/localhost(:\w+)?\//,/:\/\/127.0.0.1(:\w+)?\//,/^file:\/{3}/

As soon as http is present in the proxy-URL, http is used. If no protocol is available, https is automatically added to the url. And that is good. Unfortunately, this logic is unnecessary by my highlighted position and then it makes no sense.

My structure of our system: Smartllook client --http--> proxy --https--> smarlook-cloud.

Our proxy is not available at the public internet. Our proxy is in our local network for security reasons.

mrcwbr commented 5 days ago

Maybe I can explain our use case a little bit further. I'm in @CruzGil 's team.

At our customers, we have a machine network which uses HTTP entirely. The router on this network has an embedded proxy which adds https to every request before sending it to the cloud. We can't use https directly on our machine, because the https-root-certificates can expire and we have no option to update them.

Therefore, we have to add relayProxyUrl: 'http://192.168.73.10:50564/proxy' to the smartlook configuration.

Joozty commented 1 day ago

@CruzGil, you were right. The fix you provided was almost perfect. We released it with tiny adjustment. Can you please try v10.0.0?

Thank you!