Re: Super Dev Mode over HTTPS, workarounds?
Setting up yet another web server sounds quite a bit sub-ideal to me... Thanks for the info though. Sounds like: 1) Open an HTTP port or 2) Force Chrome to accept insecure content Seem to be to most viable solutions at present... here's hoping we get a better solution thru SDM proper in the near future. -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Re: Super Dev Mode over HTTPS, workarounds?
> I'm not sure what difference that might make, could you elaborate? I
> already have one web server talking https to the browser and the SDM script
> tries to invoke an http connection to the code server. How does adding
> another server talking HTTPS help the situation?
>
> Sorry if I'm not understanding something, I'm just confused how this would
> make any difference.
>
Didn't read that you already have a web server that talks HTTPS.
If you want to use the "recompile on reload" feature of GWT 2.7+ then a
special *.nocache.js file will be generated that has a hardcoded HTTP url
that you can not change and thus you have to live with the mixed content
warning of browsers. In Chrome you need to use google-chrome
--allow-running-insecure-content to allow mixed content again.
If you are fine with using the legacy bookmarklets of SuperDevMode you can
make your setup work with SSL, although it is a bit of work:
1.) create a custom linker outside of your client/shared/server package
that allows SSL
public class SslCrossSiteIframeLinker extends CrossSiteIframeLinker {
@Override
protected String getJsDevModeRedirectHookPermitted(LinkerContext context) {
return "$wnd.location.protocol == \"https:\" || $wnd.location.protocol ==
\"http:\" || $wnd.location.protocol == \"file:\"";
}
}
2.) create a new sslapp-DEV.gwt.xml file for your app that you use during
development and allows HTTP, HTTPS and any host name / IP. Do NOT use that
module descriptor for a real production compile!
3.) Compile that dev module using the GWT compiler and store the output in
a dedicated folder. I'll reference this folder using DEV_APP_FOLDER.
4.) Let your local web server listen on 127.0.0.1:443 and 127.0.0.1:9876
and create a SSL enabled vhost for each. The vhost of 127.0.0.1:443 should
point to DEV_APP_FOLDER so you can launch your compiled app through SSL and
the vhost 127.0.0.1:9876 should redirect everything to your GWT CodeServer
that should run on a different, local IP (e.g. http://192.168.1.100:9876).
Using Apache this could look similar to:
Listen 127.0.0.1:443
Listen 127.0.0.1:9876
ServerAdmin webmaster@localhost
# your compiled app
DocumentRoot "DEV_APP_FOLDER"
ServerName localhost
ErrorLog "/var/log/apache2/localhost-error_log"
CustomLog "/var/log/apache2/localhost-access_log" common
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
ServerAdmin webmaster@localhost
DocumentRoot "/some/tmp/folder"
ServerName localhost
ErrorLog "/var/log/apache2/localhost-codeserver-error_log"
CustomLog "/var/log/apache2/localhost-codeserver-access_log" common
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
# proxy everything from https://127.0.0.1:9876 to CodeServer running on
http://192.168.1.100:9876
ProxyPass / http://192.168.1.100:9876/
5.) Start DevMode / CodeServer using -bindAddress 192.168.1.100 (your
host's ip address)
6.) Visit https://127.0.0.1:9876 and you should see the CodeServer as the
SSL connection is proxied to the non-SSL CodeServer. Put the bookmarklets
in your browser bar.
7.) Visit https://127.0.0.1/sslapp/index.html (or similar) to launch your
compiled app of step 3.)
8.) Hit the DevMode On bookmarklet, copy the Compile bookmarklet to your
browser bar as well and then hit compile. Your app should compile, reload
and fetch your JS from the CodeServer now, through SSL.
The above might contain minor issues, but I guess you get the idea and it
should generally work.
-- J.
--
You received this message because you are subscribed to the Google Groups "GWT
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
Re: Super Dev Mode over HTTPS, workarounds?
I'm not sure what difference that might make, could you elaborate? I already have one web server talking https to the browser and the SDM script tries to invoke an http connection to the code server. How does adding another server talking HTTPS help the situation? Sorry if I'm not understanding something, I'm just confused how this would make any difference. On Wednesday, May 4, 2016 at 4:28:15 PM UTC-7, Jens wrote: > > I would probably install a local http webserver/proxy (apache, nginx, etc) > that talks https to the browser and forwards requests as desired to SDM / > your servlet container / whatever. > > -- J. > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Re: Super Dev Mode over HTTPS, workarounds?
I asked a few questions in the issue in GitHub, please go answer them so we can advance the matter. It's not that hard to do TLS, the devil is in the details: how you trigger it, whether and how you configure it, etc. -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Re: Super Dev Mode over HTTPS, workarounds?
what is the reason for not wanting to support ssl ? Its not that hard to open an ssl socket is it ? Am I missing something? On Thu, 5 May 2016 at 01:28, Jens wrote: > I would probably install a local http webserver/proxy (apache, nginx, etc) > that talks https to the browser and forwards requests as desired to SDM / > your servlet container / whatever. > > -- J. > > -- > You received this message because you are subscribed to the Google Groups > "GWT Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to google-web-toolkit+unsubscr...@googlegroups.com. > To post to this group, send email to google-web-toolkit@googlegroups.com. > Visit this group at https://groups.google.com/group/google-web-toolkit. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Re: Super Dev Mode over HTTPS, workarounds?
I would probably install a local http webserver/proxy (apache, nginx, etc) that talks https to the browser and forwards requests as desired to SDM / your servlet container / whatever. -- J. -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Re: Super Dev Mode over HTTPS, workarounds?
Unfortunately, as far as I know, GWT developer have no plan to support https for super dev mode. At the moment I start chrome in insecure mode: In Ubuntu: $ google-chrome --allow-running-insecure-content -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
Re: Super Dev Mode over HTTPS, workarounds?
Unfortunately, as far as I know, GWT developer have no plan to support https for super dev mode. At the moment I start chrome in insecure mode: In Ubuntu: $ google-chrome --allow-running-insecure-content Am Dienstag, 3. Mai 2016 23:50:40 UTC+2 schrieb clou...@gmail.com: > > Greetings! > > I've been working on migrating our application over to GWT-2.8b1 (from GWT > 2.5) and moving from the classic Dev Mode to Super Dev Mode. Migrating a > simple sandbox environment went fairly smoothly, and SDM worked just fine > for that example, however I have run into problems with using SDM over > HTTPS with an external server. > > My searches haven't yielded a decent answer to this issue, though I'm > aware that this is already an open bug for GWT. > https://github.com/gwtproject/gwt/issues/7535 > > The one possible solution I came across no longer seems to work in Chrome > (mixed HTTPS-HTTP seems completely blocked), basically over-riding > CrossSiteIframeLinker. From what I've read this no longer works for Chrome > 46+: > http://spreadgwt.blogspot.com/2015/11/gwt-superdev-on-https-pages.html > > The most common response I've seen is to develop in HTTP and deploy over > HTTPS, however developing in HTTP vs HTTPS for the product requires a code > change which works for getting SDM to work, but breaks other product > functionality that is assuming HTTPS. This puts our development in a > rather painful position. > > Are there any other solutions folks have developed for this issue? It's a > pretty hefty pain point for the upgrade and I'd be a little surprised if > others haven't already figured out a workaround for the issue. Thanks for > any suggestions or tips. > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
