Forum Discussion

miikka's avatar
miikka
Maven
9 years ago

SDK and HTTPS

Hi,

is anybody using the SDK with a stage running on HTTPS?

 

I upgraded to the v. 1.2.1 of the SDK and tried configuring the local CSS instance to be served over HTTPS instead of HTTP. But even if I put HTTPS in responsive.conf.json, the server always seems to start over HTTP.

 

This obviously triggers a warning in the browser and when you allow the insecure content to be shown, the page looks mostly okay. But when taking a closer look I can see that some font files are triggering errors like this:

GET http://localhost:9000/html/assets/fonts/fontawesome-webfont.woff2?v=4.3.0

And I can see that the elements using FontAwesome are broken. There's also a good bunch of warnings of insecure content obviously but those assets seem to be loaded still.

 

Any pointers would be welcome.

 

Cheers,

.M

 

9 Replies

Sort By
  • YuriK's avatar
    YuriK
    Khoros Expert
    9 years ago

    Hey Mikka,

     

    We don't currently have a solution that we've fully tested for this use case. However I think either of the following should work.

     

    • Set up a proxy that will allow https and will (either haproxy, apache, or any other proxy), then point your community to the port where the proxy is set up (this can be done in Studio->Advanced->SDK)
    • Switch the browser to allow mixed content (you will have to search for the right way to do this in your browser)

     

    We are looking into making enhancements to this in the future, however currently the above should be a workaround.

     

    Let me know if either of the above solutions work for you.

     

    Hope this helps,

     

    Yuri

  • miikka's avatar
    miikka
    Maven
    9 years ago

    Hi YuriK,

    I tested both options and was still getting the same errors about some assets not being loaded. And then I realized that the missing assets are not included when exporting the Studio plugin from stage, for example:

    http://localhost:9000/html/assets/fonts/fontawesome-webfont.ttf?v=4.3.0 Failed to load resource: the server responded with a status of 404 (Not Found)

    As there's no /fonts folder under /assets and it looks like these are coming from the platform definitions:

    coreplugin/res/feature/responsivebase/v1.8-lia16.3/res/skins/bootstrap_base/sass/_variables.scss:877://$fa-font-path:        '/html/assets/fonts';
coreplugin/res/feature/responsivebase/v1.8-lia16.3/res/skins/bootstrap_base/sass/codebook/_variables-base.scss:956:$fa-font-path:        '/html/assets/fonts' !default;
coreplugin/res/feature/responsivepeak/v1.8-lia16.3/res/skins/responsive_peak/sass/_variables.scss:1445://$fa-font-path:        '/html/assets/fonts';

    Some configuration issue maybe?

     

    Cheers,

    .M 

  • PeterAsh's avatar
    PeterAsh
    Lithium Alumni (Retired)
    9 years ago

    Hi Miika,

     

    Today, I tried to replicate this issue but was unsuccessful.

     

    It worked when my site was on https, and I got the following output when serving sass.

     

     

    [11:19:47] Successfully downloaded asset = .tmp/lia/html/assets/fonts/fontawesome-webfont.woff2

     

     

    I followed the instructions in http://stackoverflow.com/questions/18321032/how-to-get-chrome-to-allow-mixed-content while running Google Chrome on the latest version of SDK & LIA.

     

    Is this issue still persisting when you follow the above steps?

     

    Thanks,

     

    Peter

  • RobertT's avatar
    RobertT
    Boss
    8 years ago

    With the push to HTTPS for communities, this one is going to become quite a big issue for workflow with the SDK.

     

    Any progress or updates a workaround?

     

    As it stands just now no browsers will load the CSS from the local machine if you're viewing the environment using a HTTPS connection.

     

    I've spun up Apache on my dev machine and configured a virtual host with self-signed SSL certs pointing to the .tmp/lia directory, the problem with this is that only the CSS file is compiled, the assets from /html/assets/ server side don't get downloaded to the .tmp/lia/<skin>/html/assets directory when navigating around the staging environment leaving elements of pages not displaying properly.

     

     

  • SuzieH's avatar
    SuzieH
    Khoros Alumni (Retired)
    8 years ago

    Hi RobertT,

    I've been advocating for a workaround for this with Engineering. They asked if you tried switching the browser to allow mixed content. I couldn't tell from your post. 

  • RobertT's avatar
    RobertT
    Boss
    8 years ago

    SuzieH I have however this isn't perfect and can't be done in every browser.

     

    I use Xcode Tools and the iOS Simulator for example to test on virtual iOS devices and in those environments you cannot enable mixed content so it breaks that testing flow for mobile here.

  • RobertT's avatar
    RobertT
    Boss
    8 years ago

    This is becoming a bigger issue for us now, Apple have removed the option from Safari 11 to enable mixed/insecure content so this is no longer a viable workaround.

     

    Do we know if the SDK will be updated to allow us to serve-sass over a HTTPS service?

  • RobertT's avatar
    RobertT
    Boss
    7 years ago

    Just an update for anyone following this topic.

     

    I've managed to workaround the issue by setting up an SSL server in apache with symlinks to the assets folders in the SDK - not elegant I know but it means that my machine serves up the SDK via HTTPS - the caveat is that it's not a straightforward process to achieve and I've only been able to do this on a Mac so far.

     

    If I figure a more robust way of running a HTTPS server with simpler setup on different machines I'll share my findings.