Support https for proxying

[vojtajina]

https://github.com/nodejitsu/node-http-proxy/blob/master/examples/http/proxy-https-to-http.js

[manevpe]

+1 for this feature. It would be useful for tests running on a production-like environment. We have such an environment and it uses https and we cannot verify automatically that the deployment job was successful and everything is ok on this environment.

Is it in the roadmap for the near future? Or is there a workaround - like using a 3rd party https proxy together with karma?

[vojtajina]

@manevpe Would you like to give it a try ?

This should help you https://github.com/nodejitsu/node-http-proxy#proxying-to-https-from-https

[Grummle]

I'm playing with part of this at the moment. Setting rejectUnathorized to allow for unsigned certs in development seems important as well.

Should I put the config for that in the root of the config under validateSsl. If I do how do I get it into the proxies module? Should I follow the example in web and use di?

[vojtajina]

Awesome @Grummle I will look into your pull request... Let's discuss the details there...

[josebalius]

Is this available as of now (meaning can i update through npm)? We REALLY need this feature. Thanks!

[vojtajina]

@josebalius it's only in canary release, you can install it by npm install karma@canary.

[vojtajina]

@Grummle can we close this issue now ? I know, we need to make Karma to serve HTTPS as well, but there's already issue for it (#581).

[Grummle]

Yeah thats fine with me, I'll add the pull request for https from karma to the client in #581

[vojtajina]

@josebalius it's in canary (0.9.3 release)

Closing...

[danielabar]

Is this feature available now? If yes, what version?

[vojtajina]

Yep, see the comment above, it's in 0.9.3 (and therefore in 0.10.x) as well

[danielabar]

Ok thanks. I'm currently on 0.8.5, it seems the configuration has changed a fair bit. Is there a migration guide?
I'm currently using the config provided in phonecat tutorial

[vojtajina]

Yep, see http://goo.gl/Qegm4P and http://karma-runner.github.io/0.10/about/migration.html

[danielabar]

Thank you very much. After upgrading to v10, changing conf to new module format, and adding:

proxyValidateSSL: false

The tests pass on https.

Thanks again!

[danielabar]

Sorry to bother you again, let me know if I should open new issue for this. I scanned entire Karma v10 documentation but couldn't find anything about how to deal with secure cookies. Now that my node+express app is served only via https, I also want to make the session and xsrf cookies secure.

It works using the app, but the e2e tests fail when trying to do any POST, getting 403 forbidden from server. I believe this is because the web server started by Karma is http://localhost:9876, and not https... So even though the iframe running my app is https, the cookies aren't being sent to the karma server.

Any ideas how to make the e2e tests work with secure cookies?

[Grummle]

I looked at this. I actually went as far as hacking in https support for the karma server. Its not very hard I just haven't had time (or inclination) to do it right. I restructured my project to not really need it.

Give it a shot its just a matter of using the https module instead of http. You also have to change the address used by the script page generated by karma (the one used to connect and get/run the tests).

Its on open issue currenlty #581

[danielabar]

I found where http server is created in web-server.js and changed it to use https. But I'm not sure where the other part you're referring to is re: address used by script page? What happened with just the change to https is it times out on socket connection. I thought maybe I need to change the socket connection to also be secure in server.js around this line

var server = io.listen(webServer,

But not sure whether this is the right thing to do.

[danielabar]

Ok, after some more hacking, got it working, saved here. But its not really practical because the e2e tests are also running on Travis. I've got Karma v10.x specified as a dev dependency so would just get the real karma code each time.
Any idea when this might be available?

[vojtajina]

@Grummle I don't think it's that easy :-( I already tried this because of SPDY support (https://github.com/vojtajina/karma/tree/spdy), but if you wanna use HTTPS, you need a signed certificate, otherwise I don't know how to persuade Chrome (didn't try other browsers) to capture without manually clicking to "proceed to self-signed certificate". Even adding the self-signed certificate to system root does not solve this. I don't think we can get a signed certificate for localhost. If anybody knows how to solve this, I'm happy to merge it in. I didn't look into it more, as it really is only problem with E2E testing (using Angular scenario runner) and that's not the main focus for Karma - we have Protractor for E2E testing Angular apps.

[vojtajina]

@danielabar Now I looked into your code and see --ignore-certificate-errors flag, I didn't know about that one. Can you make sure we have a solution for this for other browsers too ? Because if we do, we can merge this into Karma, under a configuration, something like useHttps...

[danielabar]

@vojtajina Sure I could take a look if there's similar options for other browsers. Only thing I won't have any time this week or next, should be able to get to it after that.

[danhowitt]

@danielabar Your hack is just what i'm looking for. +1 kudos for getting it into a pull req.