--https mode causes issues in dev by trying to connect to wss://localhost:24678 #844
Comments
Conduitry
changed the title
Conduitry
changed the title
|
I just got this, using Details
...then for some unknown reason it seems to start working (no refreshes).
Well, in my case I'm testing the Web Bluetooth API in Chrome which requires HTTPS so I'm glad for the |
|
This is just part of a larger issue with not being able to reach the hmr (?) server on that port. Rich had suggested trying to disable it when in https mode, but really it would be better if the port were configurable, if you could disable the feature separately from enabling https mode, and if its existence was documented for people who are e.g. running Kit inside Docker. Also ideally the whole page wouldn't reload when the server can't be reached. |
|
Vite lets this websocket server be configured with https://vitejs.dev/config/#server-hmr so we should be able to disable it and have a command line argument to control it. |
|
I've attempted to add an kit/packages/kit/src/core/dev/index.js Lines 103 to 106 in ccb8825 wss://localhost:24678/ so I'm not sure what's up with that or where else I might need to change something.
|
|
This problem has stopped me dead in my tracks. I'm working on a new project w/ oauth and I need an https callback to receive my login token. I hope this gets addressed soon but I'm open to workarounds in the meantime. Thank you. |
|
In case it helps, in plain Vite + Svelte projects, simply setting the When I try to do the same thing in SvelteKit, the vite server settings are being ignored. With the following config, for example, the server starts at http://localhost:3000. (I’m assuming this falls under the vite-specific settings that SvelteKit overrides.) const os = require('os')
const fs = require('fs')
const path = require('path')
const static = require('@sveltejs/adapter-static');
const pkg = require('./package.json');
// Note: the local TLS certificates will have been created at
// the post-install stage of npm install.
const certDirectory = path.join(os.homedir(), '.small-tech.org', 'auto-encrypt-localhost')
const cert = fs.readFileSync(path.join(certDirectory, 'localhost.pem'))
const key = fs.readFileSync(path.join(certDirectory, 'localhost-key.pem'))
/** @type {import('@sveltejs/kit').Config} */
module.exports = {
kit: {
// By default, `npm run build` will create a standard static app.
// You can create optimized builds for different platforms by
// specifying a different adapter
adapter: static({pages: '.generated', assets: '.generated'}),
// hydrate the <div id="svelte"> element in src/app.html
target: '#svelte',
files: {
assets: '.kit/static',
lib: '.kit/src/lib',
routes: '.kit/src/routes',
template: '.kit/src/app.html'
},
vite: {
ssr: {
noExternal: Object.keys(pkg.dependencies || {})
},
server: {
port: 444,
https: {key, cert}
}
}
}
} |
|
#581 (comment) hinted at a way that seems to work for me:
|
|
Overriding the port doesn't appear to be necessary. Overriding the protocol only seems to be possible when accessing the site via |
@mankis thank you. I used your code and it's working now. My Sveltekit app is behind a haproxy inside a docker container, because I have a API backend and a JWT cookie: In haproxy: backend frontend_server
balance roundrobin
server frontend_server_1 frontend_1:3000 cookie f1IN docker-compose, for example, I open the port 3001: frontend_1:
image: 'app/node'
user: 'node'
working_dir: '/home/node/app'
volumes:
- './frontend:/home/node/app'
command: 'npm run dev'
ports:
- '3001:3001'
networks:
- frontendAnd the result, using Firefox: For development, I think this is the workaround solution, for while. |
|
Is there any reason to have a secure socket for HMR while testing? This socket is only used to notify the client to reload modules, to display an error overlay panel, etc. I believe that the web socket protocol can/should always be 'ws'. Would it be acceptable for SvelteKit to ensure that the protocol is always set to 'ws'? Please advise if I'm stepping on anyone's toes or being redundant. |
|
That's better than nothing, but as I noted above, if you run afoul of the browser's mixed content rules, it will still cause infinite reloading. |
|
I believe I have a solution, while learning a lot about https and web sockets along the way. In Vite's web socket implementation (vite/src/node/server/ws.ts), there is an undocumented option to receive the server reference that's created by the invoking application (in this case, SvelteKit). If a server is specified, it will attach the upgrade, connection and error handlers. The challenge is to pass the reference of SvelteKit's server into Vite. The server reference needs to be passed in the config -- but the current code creates the config before the server is started. (i.e., 'vite.createServer' is called before 'get_server' in kit/src/core/dev/index.js) I don't think that switching the order makes a difference -- at least it didn't in my testing. After making the switch, I also changed the following code: I also needed to change svelte.config.js to change the HMR port to 3000: and, I ran using The two big questions are:
I was able to access the server using my Android phone and a spare laptop. |
|
If interested, I have a proposal (with source changes and a README.md to explain them) to solve the issue, without reordering the 'mainline' dev process as described in my previous comment: Proposal Let me know if I can help in any way. |
|
@Conduitry @JBusillo Might it just be a better use of time to settle with the workaround (running at |
|
PR #1517 addresses the web socket connection issues that allows using 'localhost', '127.0.0.1', or an exposed network IP address (using the --host option). There are users who want to test using external devices (smartphones, tablets) using SSL while running the dev server on their desktop/laptop. The workaround does not address these use cases. The PR already has been coded and tested, and is now pending review, approval and deployment by the maintainers. I don't see much additional time spent on this issue/PR. However, I defer any further decisions to the maintainers. |
|
@JBusillo Ok, I didn't notice your PR! Great work, and I do agree with you, for instance with this PR i will be able to test Web Authentication API on my iOS phone, which I couldn't do before. Thanks a lot, hope the PR gets merged ASAP :) |
|
I think I have a related issue -- I'm using SSL but of course not within SvelteKit itself, that seems crazy. SSL in front of it. So I spin up the dev server on 3000, put |
|
I do have a jury rigged setup that works based on having two machines. I develop and run on my workstation and view in a web browser on my laptop, so I can |
|
Here's a workaround that may work: PR 1517 It's messy, but hopefully a better solution will be implemented. |
|
For my case, if they accept my PR in Vite it resolves. vitejs/vite#3578 |
Co-authored-by: Ben McCann <[email protected]>
|
This is fixed in |
|
I was having this issue due to using an Nginx reverse proxy with a HTTPS upgrade using a custom port (SvelteKit was using its default port 3000). Is there an easy way to have the client initiate a websocket connection using the same port as the browser @JBusillo? |
What version of SvelteKit do you use? |
|
I was using the latest version at the time (18x). It works properly if the external port (for the reverse proxy) matches whatever is given to Sveltekit through the |
Describe the bug
In
--httpsmode, the site is served athttps://localhost:3000and so the Vite websocket connection that is attempted fails, because it tries to make it atwss://localhost:24678when it exists atws://localhost:24678. This results in the page being periodically reloaded.Logs
To Reproduce
npx svelte-kit dev --httpsOpen console and/or network logs and wait. Turn on timestamps on the console to help see what's happening. The page refresh rate seems to vary widely, and I haven't figured out what causes that to happen.
Expected behavior
I don't think we can force an HTTPS page to load a non-secured websocket, so we'll have to figure out how to serve a secure websocket over that port. This will also still probably cause issues because it will be a self-signed cert. I don't know how to resolve this.
Severity
High. HTTPS mode is not very usable if the browser refreshes periodically.
Additional context
I told you HTTPS mode was a mistake and you didn't believe me.
The text was updated successfully, but these errors were encountered: