search

zooniverse / Panoptes-Front-End

Front end for zooniverse/Panoptes
https://www.zooniverse.org
Apache License 2.0
64 stars 76 forks source link

Webpack's self-signed certs don't work in Chrome #5998

Open eatyourgreens opened 3 years ago

eatyourgreens commented 3 years ago

Expected behavior

I should be able to test logged-in behaviour in local development.

Current behavior

Chrome rejects webpack's self-signed certificates, as they're signed by an untrusted authority. This makes it impossible to log in from a local copy of PFE running on https://local.zooniverse.org:3735

https://localhost:3735 can be trusted but, of course, can't make authenticated requests on the zooniverse.org domain.

Screenshot from Chrome, showing that the self-signed certificate from localhost is not allowed. Computer says no!

Steps to replicate

Start up webpack dev server with npm start, then browse to https://local.zooniverse.org:3735 in Chrome.

Additional information

This has probably been broken for a long time, but I haven't noticed because I usually use Firefox for development work.

camallen commented 3 years ago

I don't see this behaviour on Chrome Version 92.0.4515.131 (Official Build) (x86_64) - rather i see a warning and then i can choose Advanced and the click proceed to https://local.zooniverse.org (unsafe) to access the local development version on a valid domain for production API systems

Screenshot 2021-08-05 at 14 29 18
eatyourgreens commented 3 years ago

Version Version 92.0.4515.131 here too. I can override HSTS using thisisunsafe. Firefox warns about the self-signed certificate, but allows me to manually trust it, so this isn't a big blocker to local development.

shaunanoordin commented 3 years ago

I have the same experience as @camallen , and if I recall, this has been standard for developing PFE in Chrome for the past... year, I think?

My main browser for work is Chrome, and I've always had to bypass the warning message with thisisunsafe. I genuine can't recall the last time I worked on PFE without seeing that error message, and my most recent tango with PFE (lab) was when I was adding the Subject Group Viewer editor.

Testing