Allow HTTP (not HTTPS) on postwoman.io

[NBTX]

Currently postwoman.io redirects insecure requests to HTTPS.
Whilst this is often desirable, it prevents us from testing HTTP-only sites.

So essentially, we just need to disable this redirect.

[liyasthomas]

Browser will block any resources (scripts , link , iframe , XMLHttpRequest, fetch) to download if original html page is in https and requested resources are in http.

Browser throws an Mixed Content error.

https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content

Only work around I found is to tweak browser security policies and allow http requests.

I'll update when I find another tweak.

[hosseinnedaee]

Maybe we should use a proxy server. send the request to proxy server fetch HTTP request on the server and then return back the response to Postwoman client.

[liyasthomas]

Proxy implementation with Nuxt middleware is planned. @hosseinnedaee would you like to work on this feature?

[hosseinnedaee]

@liyasthomas yeah sure
do you have any idea about implementation or I just start to work on it?

[liyasthomas]

@hosseinnedaee #2 had an active discussion around implementing middleware for proxy. This not only allow us to request for http but also solves CORS issues. NBTX is busy and couldn't follow this.

Later our team took it to telegram group chat for further discussions. Follow from this thread for discussion https://t.me/postwoman_app/72

https://blog.lichter.io/posts/nuxt-with-an-api/ this article discusses different methods for implementing middleware.

[hosseinnedaee]

@liyasthomas Assign me to this issue.

[frankli0324]

websocket support on this?

[liyasthomas]

@NBTX is working on proxy mode for WebSocket.

[frankli0324]

need help？

[liyasthomas]

@frankli0324 we would love to have this feature implemented. do contribute.

[frankli0324]

will take a look next week... got some schedules this weekend

[frankli0324]

what I've done so far:

I tried to create a single nginx server configuration for anyone who wants to build up their own proxy server installing as less things as possible:

server {
	server_name your_own_doman;
	listen 443 ssl;
	include /etc/nginx/conf.d/ssl; # certificate, key
	resolver 8.8.8.8;
	location / {
		if ( $arg_target = '' ) { return 403 'null target'; }
		if ( $arg_scheme = '' ) { set $arg_scheme 'http'; }
		if ( $arg_scheme = 'ws' ) { set $arg_scheme 'http'; }
		if ( $arg_scheme = 'wss' ) { set $arg_scheme 'https'; }
		if ( $arg_scheme = 'http' ) { set $port '80'; }
		if ( $arg_scheme = 'https' ) { set $port '443'; }
		if ( $arg_port != '' ) { set $port $arg_port; }
		set $query '';
		set $path '';
		rewrite_by_lua_block { # on debian/ubuntu: libnginx-mod-http-lua
        	ngx.var.query = ngx.unescape_uri(ngx.var.arg_query)
			ngx.var.path = ngx.unescape_uri(ngx.var.arg_path)
        }
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_pass $arg_scheme://$arg_target:$port$path?$query;
	}
}

and made a little change

diff --git a/components/realtime/websocket.vue b/components/realtime/websocket.vue
index fba150e..9c7e56c 100644
--- a/components/realtime/websocket.vue
+++ b/components/realtime/websocket.vue
@@ -103,7 +101,19 @@ export default {
         },
       ]
       try {
-        this.socket = new WebSocket(this.url)
+        if (this.$store.state.postwoman.settings.PROXY_ENABLED) {
+          const original = new URL(this.url);
+          const proxy = new URL("your_proxy_server");
+          let proto = original.protocol;
+          proxy.searchParams.append("scheme", proto.substr(0, proto.length-1));
+          proxy.searchParams.append("target", original.hostname);
+          proxy.searchParams.append("port", original.port);
+          proxy.searchParams.append("path", original.pathname);
+          proxy.searchParams.append("query", original.searchParams.toString());
+          this.socket = new WebSocket(proxy);
+        }
+        else
+          this.socket = new WebSocket(this.url)
         this.socket.onopen = event => {
           this.connectionState = true
           this.communication.log = [

still trying to adopt the original version of http proxy server so we could use a single proxy for both types of requests

[frankli0324]

demo: https://proxy.frankli.site
btw the original proxy is down

[fzyzcjy]

Any progress? When developing it is very common to deploy on localhost with HTTP not HTTPS. Thus this feature is very desired and will be commonly used.

Thanks!

p.s. @franeli0324's site seems to be down.

[liyasthomas]

For localhost endpoints, you should install Browser Extension (link in readme). For other non-https endpoints turn-on Proxy from Settings> Proxy.

*The latest Chrome extension is having a minor bug which has been fixed but is currently under review. Kindly use another browser (Firefox) local endpoints.

[fzyzcjy]

Thanks! I just searched the plugin but find it 404, so I will turn to firefox or wait

[liyasthomas]

Buggy version has been taken down - use Firefox / Proxy mode.

[fzyzcjy]

OK thanks!

By the way I find another solution: Disable Chrome's security check for this particular webpage in chrome's setting.

[idling-mind]

I'm trying to access an internal http host. Couldnt get it working in anyway. Any suggestions?

[liyasthomas]

@idling-mind turn on Proxy Mode from Settings.