-
-
Notifications
You must be signed in to change notification settings - Fork 26.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to provide custom ssl certificates during development #5845
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be a very nice addition to CRA!
Adding custom SSL is currently the only reason why I would eject my CRA app..
cert: fs.readFileSync(crtFile), | ||
}; | ||
try { | ||
crypto.publicEncrypt(config.cert, new Buffer('')); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was wondering, why do you do this, I mean the encrypted value is not used anywhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joggienl Thanks for reviewing. The reason for this is to try and stay consistent with create react app being easy to use and debug. This check, and the one below is to validate the certs passed in. If they are invalid it logs an easy to understand error. Without this the standard error message is some random text related to the crypto package, and it isn't clear what went wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexbrazier thanks for the quick reply!
You're correct about the more easy to understand error! That is actually much appreciated :-)
You did not answer what I was trying to get to know though, why is the call to crypto.publicEncrypt
made? Apologies for the unclear question!
Based on your reply I actually think the assumption I had beforehand was correct: by encrypting the Buffer
with the public key (and below, the private one) you actually "validate" the certificate or key.
I do have a suggestion, and that is to put a comment to explain a bit what happens, not only from user point of view. Unless you are using the encrypted value this code actually does something else then it reads, it validates the certificate. This can easily be unclear when looking to at a later moment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joggienl yeah, if the encrypt
throws then it means that the key/cert was invalid. I will update the PR to add a comment as you suggest
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated it with comments, and moved the https config into a separate file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
Thanks @alexbrazier , nice work.
} | ||
|
||
try { | ||
crypto.privateEncrypt(config.key, new Buffer('')); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as on line 52, I was wondering why do this encryption?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested locally and it works exactly as described.
d099aa5
to
c01fc04
Compare
Looking forward to this! :) |
hooo.. everything checked OK, I really hope this to be released in the next version. Great job everyone thank you! 👍 |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
...! What just happened??!! 🤔😲 |
I assume he's replied to the wrong thread in his email? |
Yeah. See: #5606 It appears this person has no idea what "github" is, thinks licenses can be used to steal private data or clone phones (or something... it's not really clear), and has, I suppose, had their ex visiting some mobile cancer websites / apps. Probably pretty safe to ignore. In like a year, this would be an SNL skit, if SNL did skits about geeky stuff. |
Any luck with this? Would love to know when this is being pulled into CRA. Thx |
Any update here? Any info on why this isn't merged in yet? |
@iansu I would love to see this HTTPS certificate support merged in. |
Merge this please! |
This does work as advertised and it would be great to have this officially included. But, if I may, I've found one possible problem:
EDIT: Apologies, on reflection I think the second item is a non-issue, and better as it is, but I'll stick by the first one. |
When will this be merged? I'd love to have this soon! |
Is this the last thing blocking this PR? Would that be a good solution (adding the original error to the message):
If yes, can the PR be updated, or can it be merged and we open another PR to improve the error messages? |
@Volune I made that comment, but I'm nothing to do with the project. If I was, I'd say that the PR would be best just removing |
I am not a maintainer on the project, in think everyone can create review comments on code. I saw this PR and I liked what it was about, so I took a look and made some comments. Anyway I think your concern about not seeing the useful error details are valid enough to change this PR. @alexbrazier can you take another look? |
This pull request has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs. |
I'm still happy to make any required changes to this PR, but it would be good to hear from the team if this will be merged so I'm not wasting my time. |
Is there any chance at all the anyone from the project could at least comment on this? It is a simple, clean pull request that adds a useful, non-breaking feature. |
Please merge this 🙏 |
Hi @ianschmitz and @iansu, |
I've updated the docs version to say @mrmckeb @ianschmitz @iansu is there anything else left to do, or wait for before this PR gets merged? |
Why was this not released in 3.3 version? |
Any update on this? |
I've merged master and removed the need to add a new dependency. Also bumped the version in the docs to |
I would also be interested in this |
Apologies, I've deleted my previous post (asking for feedback from the project team) having realised that the links above from @iansu and @ianschmitz mean this is now in milestones for an upcoming release. Yay! 🎉 |
@alexbrazier can you remove the version from the documentation? Thanks for your patience! |
@andriijas I've removed the line about needing a certain version b029ef3 - does that look ok? |
Thanks for your patience everyone! Please note that env var configuration might be changed to config file in the future. |
Glad to see this MR made it in! Good job @alexbrazier @andriijas I agree about migrating to a config file as opposed to an env variable. The implementation I had made basically copied the same paradigm as how a user configures the proxy manually. My PR was closed due to staleness and this one had more traction anyhow. Does that approach make sense as a foundation for moving it to a configuration file? Mostly just curious to see how the CRA team would approach this. |
@dbk91 There are multiple discussions going on for configuration and extendability. Nothing is set in stone yet unfortunatly. |
Closes: #4050 #3603 #3441 #1411
This PR adds the option to provide a custom SSL certificate and key using the
SSL_CRT_FILE
andSSL_KEY_FILE
env vars.The webpack dev server already accepts certificates if you provide them, so this just reads the files and passes them in.
As an extra check so there is no confusion when an error occurs, it will verify the files exist and that they are valid before passing them into webpack.
You can pass in relative paths
../cert.crt
,cert.crt
etc, or full paths/Users/test/cert.crt
Testing
yarn start
andyarn create-react-app my-app
.env
fileHTTPS
flag - (same behaviour as before)HTTPS
flag and without new flags - (same behaviour as before)Invalid config errors
Doesn't exist
Invalid cert file