|
1
|
|
|
'use strict'; |
|
2
|
|
|
|
|
3
|
|
|
const errorOverlayMiddleware = require('react-error-overlay/middleware'); |
|
4
|
|
|
const noopServiceWorkerMiddleware = require('react-dev-utils/noopServiceWorkerMiddleware'); |
|
5
|
|
|
const config = require('./webpack.config.dev'); |
|
6
|
|
|
const paths = require('./paths'); |
|
7
|
|
|
|
|
8
|
|
|
const protocol = process.env.HTTPS === 'true' ? 'https' : 'http'; |
|
9
|
|
|
const host = process.env.HOST || '0.0.0.0'; |
|
10
|
|
|
|
|
11
|
|
|
module.exports = function(proxy, allowedHost) { |
|
12
|
|
|
return { |
|
13
|
|
|
// WebpackDevServer 2.4.3 introduced a security fix that prevents remote |
|
14
|
|
|
// websites from potentially accessing local content through DNS rebinding: |
|
15
|
|
|
// https://github.com/webpack/webpack-dev-server/issues/887 |
|
16
|
|
|
// https://medium.com/webpack/webpack-dev-server-middleware-security-issues-1489d950874a |
|
17
|
|
|
// However, it made several existing use cases such as development in cloud |
|
18
|
|
|
// environment or subdomains in development significantly more complicated: |
|
19
|
|
|
// https://github.com/facebookincubator/create-react-app/issues/2271 |
|
20
|
|
|
// https://github.com/facebookincubator/create-react-app/issues/2233 |
|
21
|
|
|
// While we're investigating better solutions, for now we will take a |
|
22
|
|
|
// compromise. Since our WDS configuration only serves files in the `public` |
|
23
|
|
|
// folder we won't consider accessing them a vulnerability. However, if you |
|
24
|
|
|
// use the `proxy` feature, it gets more dangerous because it can expose |
|
25
|
|
|
// remote code execution vulnerabilities in backends like Django and Rails. |
|
26
|
|
|
// So we will disable the host check normally, but enable it if you have |
|
27
|
|
|
// specified the `proxy` setting. Finally, we let you override it if you |
|
28
|
|
|
// really know what you're doing with a special environment variable. |
|
29
|
|
|
disableHostCheck: |
|
30
|
|
|
!proxy || process.env.DANGEROUSLY_DISABLE_HOST_CHECK === 'true', |
|
31
|
|
|
// Enable gzip compression of generated files. |
|
32
|
|
|
compress: true, |
|
33
|
|
|
// Silence WebpackDevServer's own logs since they're generally not useful. |
|
34
|
|
|
// It will still show compile warnings and errors with this setting. |
|
35
|
|
|
clientLogLevel: 'none', |
|
36
|
|
|
// By default WebpackDevServer serves physical files from current directory |
|
37
|
|
|
// in addition to all the virtual build products that it serves from memory. |
|
38
|
|
|
// This is confusing because those files won’t automatically be available in |
|
39
|
|
|
// production build folder unless we copy them. However, copying the whole |
|
40
|
|
|
// project directory is dangerous because we may expose sensitive files. |
|
41
|
|
|
// Instead, we establish a convention that only files in `public` directory |
|
42
|
|
|
// get served. Our build script will copy `public` into the `build` folder. |
|
43
|
|
|
// In `index.html`, you can get URL of `public` folder with %PUBLIC_URL%: |
|
44
|
|
|
// <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico"> |
|
45
|
|
|
// In JavaScript code, you can access it with `process.env.PUBLIC_URL`. |
|
46
|
|
|
// Note that we only recommend to use `public` folder as an escape hatch |
|
47
|
|
|
// for files like `favicon.ico`, `manifest.json`, and libraries that are |
|
48
|
|
|
// for some reason broken when imported through Webpack. If you just want to |
|
49
|
|
|
// use an image, put it in `src` and `import` it from JavaScript instead. |
|
50
|
|
|
contentBase: paths.appPublic, |
|
51
|
|
|
// By default files from `contentBase` will not trigger a page reload. |
|
52
|
|
|
watchContentBase: true, |
|
53
|
|
|
// Enable hot reloading server. It will provide /sockjs-node/ endpoint |
|
54
|
|
|
// for the WebpackDevServer client so it can learn when the files were |
|
55
|
|
|
// updated. The WebpackDevServer client is included as an entry point |
|
56
|
|
|
// in the Webpack development configuration. Note that only changes |
|
57
|
|
|
// to CSS are currently hot reloaded. JS changes will refresh the browser. |
|
58
|
|
|
hot: true, |
|
59
|
|
|
// It is important to tell WebpackDevServer to use the same "root" path |
|
60
|
|
|
// as we specified in the config. In development, we always serve from /. |
|
61
|
|
|
publicPath: config.output.publicPath, |
|
62
|
|
|
// WebpackDevServer is noisy by default so we emit custom message instead |
|
63
|
|
|
// by listening to the compiler events with `compiler.plugin` calls above. |
|
64
|
|
|
quiet: true, |
|
65
|
|
|
// Reportedly, this avoids CPU overload on some systems. |
|
66
|
|
|
// https://github.com/facebookincubator/create-react-app/issues/293 |
|
67
|
|
|
watchOptions: { |
|
68
|
|
|
ignored: /node_modules/, |
|
69
|
|
|
}, |
|
70
|
|
|
// Enable HTTPS if the HTTPS environment variable is set to 'true' |
|
71
|
|
|
https: protocol === 'https', |
|
72
|
|
|
host: host, |
|
73
|
|
|
overlay: false, |
|
74
|
|
|
historyApiFallback: { |
|
75
|
|
|
// Paths with dots should still use the history fallback. |
|
76
|
|
|
// See https://github.com/facebookincubator/create-react-app/issues/387. |
|
77
|
|
|
disableDotRule: true, |
|
78
|
|
|
}, |
|
79
|
|
|
public: allowedHost, |
|
80
|
|
|
proxy, |
|
81
|
|
|
setup(app) { |
|
82
|
|
|
// This lets us open files from the runtime error overlay. |
|
83
|
|
|
app.use(errorOverlayMiddleware()); |
|
84
|
|
|
// This service worker file is effectively a 'no-op' that will reset any |
|
85
|
|
|
// previous service worker registered for the same host:port combination. |
|
86
|
|
|
// We do this in development to avoid hitting the production cache if |
|
87
|
|
|
// it used the same host and port. |
|
88
|
|
|
// https://github.com/facebookincubator/create-react-app/issues/2272#issuecomment-302832432 |
|
89
|
|
|
app.use(noopServiceWorkerMiddleware()); |
|
90
|
|
|
}, |
|
91
|
|
|
}; |
|
92
|
|
|
}; |
|
93
|
|
|
|
arojunior /
awesome-feed
