html-injector icon indicating copy to clipboard operation
html-injector copied to clipboard

Published 20 hours ago verified publisher icon shakyShane

BUG: Injection doesn't work over SSL

Open QWp6t opened this issue 7 years ago • 4 comments

It's certainly possible that I'm just doing something completely wrong, in which case I apologize. But after digging around for a bit, I don't see documentation on how to get html-injector to work over SSL.

Problem

When targeting a SSL URL (e.g., https://example.dev), BrowserSync will successfully proxy the URL and put it on the specified host and port over SSL (e.g., https://localhost:3000/). The cert will be invalid, i.e., self-signed, but it will still work. Nothing in BrowserSync is negatively affected by this.

html-injector, on the other hand, seems to be unable to sniff out changes to the output code under these conditions. It doesn't even gracefully fallback to refreshing the page.

This is problematic because it promotes disparity between development and production environments, i.e., that a production environment might serve files over SSL, but developers might sacrifice parity in their development environments so that they may benefit from the functionality of html-injector.

Expected Result

html-injector should be able to detect and inject changes to files even when served over SSL. Or at the very least, it should gracefully fallback to refreshing the page.

Actual Result

I tried enabling debugging to see if that would be helpful. html-injector tracks file changes as usual, but it always says Cached: 0. It appears as though it is unable to retrieve the pages.

Steps to Reproduce

Normal steps for setting up html-injector. Just make sure you tell BrowserSync to target a SSL site.

Example:

bs.init({
  host: 'localhost',
  port: 3000,
  proxy: {
    target: 'https://example.dev'
  }
});

QWp6t avatar Mar 27 '17 01:03 QWp6t

This also seems to be the case when using the serve option and https: true. I was experimenting with html-injector and couldn't get it working but when I set https: false it worked.

Could this have to do with self-signed certificates in some way? Would it work if the connection was trusted?

As an aside: there was an article this recently from letsencrypt on creating certificates for localhost, I wonder if that would help 🤷‍♂️

lunelson avatar Jun 24 '18 13:06 lunelson

Hi. I wouldn't waste time trying to get this to work over SSL. I have tried it with a trusted certificate with no luck.

navarrorc avatar Jun 24 '18 14:06 navarrorc

OK thanks @navarrorc, good to know. Too bad. However, it's an imperfect solution anyway—the diffing does sometimes make mistakes—at least I know I can make it work for non https, it will be helpful then

lunelson avatar Jun 24 '18 16:06 lunelson

(please close)

lunelson avatar Jun 22 '20 16:06 lunelson