CRA + proxy + HTTPS=true issues with OAuth flow

[JustFly1984]

Is this a bug report?

yes

Environment

1. node -v: 8.3.0

2. npm -v: 5.4.2

3. yarn --version (if you use Yarn): 1.1.0

4. npm ls react-scripts (if you haven’t ejected):

5. Operating system: OSX

Steps to Reproduce

1. I have express.js app running on http://localhost:5000
2. I have Oauth google setted up.
3. I have CRA app installed.
4. I have added target proxy setted in CRA's package:

"proxy": {
    "/auth/google": {
      "target": "https://localhost:5000"
    }
  },

5. I have npm start script modified to enable self signed SSL certificate in CRA's package.json as it recommended by README:

"scripts": {
    "start": "HTTPS=true react-scripts start"
}

6. I have link with relative path, embedded to React app, which should proxy to https://localhost:5000/auth/google:

<a href='/auth/google'>Sign In with Google</a>

Expected Behavior

Redirect tohttps://accounts.google.com/signin/oauth/...... to confirm signup:

Actual Behavior

Receiving error in browser:

Proxy error: Could not proxy request /auth/google from localhost:3000 to https://localhost:5000 (ECONNRESET).

PS: If I set proxy in package.json to HTTP instead of HTTPS:

"proxy": {
    "/auth/google": {
      "target": "http://localhost:5000"
    }
  },

and remove HTTPS=true from npm start script, everything works, but my paranoia tells me that in dev mode it is better to be protected, cos some malicious browser extensions could mess with the code.
Sorry, I do not have demo.

[javialej11]

Yes, i have the same issue the request with proxy doesn´t works & i don´t find info about it! Please help us

[JustFly1984]

I Solved it only by ejecting CRA and several additional steps to totally get rid of proxy.

The main thing you need to edit after ejecting is /config/webpackDevServer.config.js file and /scripts/start.js

You need to find all the proxy instances and remove them.
I will recommend you to use ESlint while refactoring.

[gaearon]

Do you have a proposed fix we could apply on our side?

[JustFly1984]

I think you need to make proxy optional/configurable, so it could be easy to disable/enable without ejecting CRA.

[gaearon]

We've been trying to consolidate the proxy discussion in #3366. Could you please write your input there, and try to figure out with other posters what changes to the API/configuration would be ideal? Thanks.

[gaearon]

Now that I re-read your comment, I'm not sure I understand what happened.

Proxy definitely is disabled by default. Yes, there is a call to prepare its config, but it returns undefined when there is no proxy setting.

What you describe sounds either like a bug or a misunderstanding. Maybe passing proxy: undefined somehow still has effect? I'm not sure.

Can you describe the symptoms in more detail so we can verify them?

In particular I don't see how your first symptom (something doesn't work with OAuth when you do specify proxy) is related to your second symptom (something doesn't work when you don't specify proxy).

[JustFly1984]

The issue was: I develop with HTTPS=true env, so proxy didn't work with HTTPS=true for me at least.

I think something was messing up with CORS, and I could fix it only after ejecting.

Sorry I moved on very far since then, and can't reproduce it now. I think I had this issue with CRA 1.0.7

[gaearon]

I see. I’m going to close this as there’s not enough detail for us to dig into this. But if somebody else encounters this, or you see it again, please file a new issue with a reproducing example. Thanks!