Open eatyourgreens opened 3 years ago
I don't see this behaviour on Chrome Version 92.0.4515.131 (Official Build) (x86_64)
- rather i see a warning and then i can choose Advanced
and the click proceed to https://local.zooniverse.org (unsafe)
to access the local development version on a valid domain for production API systems
Version Version 92.0.4515.131 here too. I can override HSTS using thisisunsafe
. Firefox warns about the self-signed certificate, but allows me to manually trust it, so this isn't a big blocker to local development.
I have the same experience as @camallen , and if I recall, this has been standard for developing PFE in Chrome for the past... year, I think?
My main browser for work is Chrome, and I've always had to bypass the warning message with thisisunsafe
. I genuine can't recall the last time I worked on PFE without seeing that error message, and my most recent tango with PFE (lab) was when I was adding the Subject Group Viewer editor.
Check out Panoptes-Front-End's master
(0eedabbe668e2b741652e9d4e0fba91175f31b4c)
npm ci
then npm start
Open https://local.zooniverse.org:3735/
on Chrome 92 in an Incognito window -> see "Your connection is not private" warning
Type in thisisunsafe
-> warning bypassed
Sign In as darkeshard
-> success!
Open https://local.zooniverse.org:3735/
on Firefox 90 in a Private window -> see "Warning: Potential Security Risk Ahead" warning
Advanced -> Accept Risk & Continue -> warning bypassed
Sign In as darkeshard
-> success!
Expected behavior
I should be able to test logged-in behaviour in local development.
Current behavior
Chrome rejects webpack's self-signed certificates, as they're signed by an untrusted authority. This makes it impossible to log in from a local copy of PFE running on https://local.zooniverse.org:3735
https://localhost:3735 can be trusted but, of course, can't make authenticated requests on the
zooniverse.org
domain.Steps to replicate
Start up webpack dev server with
npm start
, then browse tohttps://local.zooniverse.org:3735
in Chrome.Additional information
This has probably been broken for a long time, but I haven't noticed because I usually use Firefox for development work.