dev server with Cordova : cannot configure HTTPS

[mpacary]

Quoting this forum post from Narmer23:

---

The Quasar devServer can be started in an HTTPS enviroment setting the https attribute in quasar.conf.js:

devServer: {
  https: true
 [...]
}

Unfortunately this setting is ignored when starting the devServer in Cordova or Electron mode, since false is hard-coded in /node_modules/quasar-cli/lib/quasar-config.js line 528:

  else if (this.ctx.mode.cordova || this.ctx.mode.electron) {
    Object.assign(cfg.devServer, {
      https: false,
      open: false
    })
  }

Changing here the https value to true “solves” this issue, but being inside the library it’s not a good way to solve it. We should have the possibility to configure it from the project’s quasar.conf.js.

---

Reproduced using Quasar 0.16.4.

[rstoenescu]

Hi,

There's a reason why it's disabled by default, otherwise your Cordova or Electron would fail to load due to technical issues on behalf of those two platforms. If things have changed in the meantime and you can confirm 100% that the issues are no longer valid, please do reopen this ticket. Thank you.

[mpacary]

@rstoenescu Thanks for your very quick reply & explanations.

[insign]

Should not these considerations be in the documentation? I mean, the workaround worked very well for me.

[TheCheat]

@rstoenescu perhaps then, its just better to warn while building, rather than strictly prohibiting from using https: true with electron/cordova, that this might cause some errors, 'cause im not getting any and rewriting this setting in node_modules dir isn't the best solution, IMO.

[rstoenescu]

Allowing you to run https on the devserver would translate as: "Quasar CLI allows you to fail miserably when deploying". The reason is simple. The devserver runs on http:// protocol while the app on a mobile phone (built and installed with an .apk or .app) runs on file:// protocol. Different protocols, different browser security settings for each protocol. You might be happy that your features might work while developing your app, but when you actually deploy it, big surprises may arise. So Quasar CLI helps you not fall into this trap.

[asmaps]

What about this issue? Hacking in node_modules doesn't seem to be an appropriate solution... I want to use location stuff in my app which requires a "secure origin"

[TheCheat]

What about this issue? Hacking in node_modules doesn't seem to be an appropriate solution... I want to use location stuff in my app which requires a "secure origin"

Same reason. I cant use WebRTC on devServer with non-secure origin.

[tonydoesathing]

@mpacary 's workaround worked for me. I needed the https so I could make use of MediaDevices.getUserMedia() for camera access, which is disabled unless coming from https (it works when you build the app for production and are no longer running the dev server, but it's a hassle to rebuild and deploy the app while I'm debugging and writing the app)

Not sure about a better solution though other than changing it to a warning
Thank you all for your efforts and insights with this!

[rstoenescu]

quasar-cli v0.17.24 (not yet released, most likely tomorrow) will allow HTTPS as you requested.

[rstoenescu]

Released quasar-cli v0.17.24.