From 2bc4dd49bb0b175ce1848f1817f8d54c6c7721f6 Mon Sep 17 00:00:00 2001 From: Florian Eitel Date: Wed, 6 Nov 2019 00:50:01 +0100 Subject: [PATCH] fix(client): don't override protocol for socket connection to 127.0.0.1 Chrome and Firefox accept `http://`/`ws://` mixed-content connection to `127.0.0.1` even when the actual website is loaded via `https://`. Fixes #2302 --- client-src/default/utils/createSocketUrl.js | 1 + 1 file changed, 1 insertion(+) diff --git a/client-src/default/utils/createSocketUrl.js b/client-src/default/utils/createSocketUrl.js index b7bf6c944d..d91b16541b 100644 --- a/client-src/default/utils/createSocketUrl.js +++ b/client-src/default/utils/createSocketUrl.js @@ -50,6 +50,7 @@ function createSocketUrl(resourceQuery) { // because the browser doesn't accept non-secure websockets. if ( hostname && + hostname !== '127.0.0.1' && (self.location.protocol === 'https:' || urlParts.hostname === '0.0.0.0') ) { protocol = self.location.protocol;