Webpacker: Page requested an insecure script
I created just a basic app to test using webpacker with Vue and added the entry <%= javascript_pack_tag 'hello_vue' %> to the application layout file.
My view loads, but the request for the Vue pack is blocked with the following error message.
Content:
The page at 'https:/myproj-bigtunacan.c9users.io/wat/home' was loaded over HTTPS, but requested an insecure script 'http://localhost:8080/packs/hello_vue.js'. This request has been blocked; the content must be served over HTTPS.
bigtunacan
All 10 comments
@bigtunacan Just setup https option in webpack/development.server.js - https://webpack.js.org/configuration/dev-server/#devserver-https
gauravtiwari
on 3 May 2017
@gauravtiwari This is maybe just due to my unfamiliarity with Webpack, but I'm still getting the same error.
This is what my development.server.js file now looks like.
// Note: You must restart bin/webpack-dev-server for changes to take effect
const { resolve } = require('path')
const merge = require('webpack-merge')
const devConfig = require('./development.js')
const { devServer, publicPath, paths } = require('./configuration.js')
module.exports = merge(devConfig, {
devServer: {
host: devServer.host,
port: devServer.port,
compress: true,
historyApiFallback: true,
contentBase: resolve(paths.output, paths.entry),
publicPath,
https: true
}
})
I reran rake webpacker:compile and restarted my Rails server, but no change.
I notice at the top of the development.server.js file it says you need to restart bin/webpack-dev-server, but I don't see how to even do that?
bigtunacan
on 3 May 2017
Oh yes, my bad the protocol is hard-coded so that needs to be fixed. Will make a PR
gauravtiwari
on 5 May 2017
I changed this line in configuration.js to get moving
const devServerUrl =https://${devServer.host}:${devServer.port}/${paths.entry}/``
In order for this to work I had to try opening the file through the browser and accept the security alert. Is there a better way?
martyphee
on 8 May 2017
@martyphee Is origin also running on https? Also, you would need to assign a self signed certificate - https://github.com/gagle/node-ssl-self-signed-certificate
gauravtiwari
on 8 May 2017
I think dev-server should take care of this, but not sure how it works for the browser - https://webpack.js.org/configuration/dev-server/#devserver-https
gauravtiwari
on 8 May 2017
I'm using puma-dev and it adds a CA cert. Not sure if mine is properly setup. I still get warnings.
My setup is subdomain.domain.dev which puma-dev routes locally to port 3000.
I can try pointing devserver to the same certs and see if it works.
martyphee
on 9 May 2017
So for my situation I did this.
Changed the configuration to drop the port number
const devServerUrl =
https://${devServer.host}/${paths.entry}/
Updated the server to point to a puma-dev configuration which has 127.0.0.1:8080 set.
default: &default
enabled: true
host: webpacker.net.dev
Seems to be working fine for my configuration. Chrome likes it.
martyphee
on 9 May 2017
Great thanks for sharing @martyphee 馃憤
gauravtiwari
on 9 May 2017
@martyphee Thanks; this worked for me as well.
@gauravtiwari I do think it feels a bit awkward how for webpack we have 2 different config files though. Some things are in development.server.js others in development.server.yml. It feels like it would be easier if everything were just in development.server.js. I find this especially non-intuitive since there are not corresponding production & test yml config files.
bigtunacan
on 9 May 2017
Related issues
ijdickinson
路
3Comments
ilrock
路
3Comments
itay-grudev
路
3Comments
eriknygren
路
3Comments
johan-smits
路
3Comments
Most helpful comment
So for my situation I did this.
Changed the configuration to drop the port number
Updated the server to point to a
puma-devconfiguration which has127.0.0.1:8080set.Seems to be working fine for my configuration. Chrome likes it.