[FIX] Use Node's native https instead of spdy#1131
Conversation
|
@henriquemattos Thanks a lot for your contribution. Note: This PR is a breaking change and would also drop HTTP/2 support but ensure HTTPS is working again. |
|
I see your point, @flovogt . Thank you for the feedback. I see HTTP/2 in development environment as a “nice-to-have” feature, while SSL is, at least for Firefox, a “must-have”. The default settings of the browser uses https even for localhost. Besides, changing the protocol on the frontend would require a CORS, Proxy or change to the backend too. Based on your comment, I don’t understand what are the next steps?! kind regards, |
|
Thanks again for your contribution. We are currently discussing several options in the team on how to proceed with HTTPS support in UI5 CLI. Since this is a breaking change, we are thinking of actually going one step further and replacing express with connect. This would allow us to use the native Node.js HTTP/2 server directly and also solve this issue. We plan major changes to the UI5 Server in UI5 CLI v5 and never made great use of the APIs express provides over connect.
@henriquemattos I'm not able to reproduce this with Firefox 1.145. Could you share some details or documentation on this? The current documentation on Secure Context classifies localhost as "potentially trustworthy", even over HTTP. In my test, I could use for example the Clipboard API on |
|
Thanks for the update, @RandomByte . As for Firefox, I use the Developer Edition and somehow it came with the HTTPS-Only mode enabled. This was becoming a hassle not only for my localhost, but acccessing my router's IP address previously. |
|
I see, thanks. We hope we can provide a solution for current Node.js versions in UI5 CLI v5, one way or another. |
|
In the meantime, do you think would be possible to apply my solution via middleware? I mean, every time I update Node modules, I have to reimplement the workaround locally (as I’m already developing in Node v24 for the next quarter). |
Sorry for not replying to this. Since this is a breaking change we can't implement it in UI5 CLI v4. We are currently working on v5 where we still hope to switch over to the native Node.js HTTP/2 server as mentioned before. Reading your description regarding Firefox again, I'm wondering whether you have an HSTS entry for localhost that forces Firefox to use HTTPS. You might want to try to "Clear cookies and site data" for |
|
@RandomByte no worries, but thank you for getting back. In the meantime, @flovogt had already updated me on Slack about v5. And yes, Firefox eventually built a “HTTPS-only” toggle and it was switched on (not sure if by default or by me, as it has been a while). If it helps a decision on your end, I would be fine with a flag Thank you and best regards, |
Using native
httpsfrom NodeJS instead of SPDY, which is not supported by Node >= 24.According to NodeJS Releases, “v22 is about to enter Maintenance and v24 is about to become Active”. Unfortunately, this is a breaking change for UI5 CLI
servewhen using--h2, since we usespdy. According to the code comments, we usespdybecause of Node v8.4.0 😬.Tested the upgrade using Firefox Developer Edition (latest) on macOS 26 and NodeJS v24.9.0 with:
Fixes: #327
Thank you for your contribution! 🙌
To get it merged faster, kindly review the checklist below:
Pull Request Checklist