From 2073da0505669dbf1975fb0df8070a11ba4909b1 Mon Sep 17 00:00:00 2001 From: Ray Foss Date: Thu, 3 Jun 2021 00:37:36 -0500 Subject: [PATCH 1/4] Turn on CORS Most browsers won't allow connections over the "Internet" when CORS is not configured. This is a problem in Glitch, AWS, GCP, CodeSandbox and other setups where HTTPS encryption is handled by a transparent reverse proxy. Usually nginx, tiny, Apache Mod-proxy, Route 53 or Google Load Balancer. --- lib/livereload.coffee | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/livereload.coffee b/lib/livereload.coffee index ca8cc4d..bd862a4 100755 --- a/lib/livereload.coffee +++ b/lib/livereload.coffee @@ -17,6 +17,13 @@ defaultExts = [ defaultExclusions = [/\.git\//, /\.svn\//, /\.hg\//] +defaultHeaders = { + 'Access-Control-Allow-Origin': '*', + 'Access-Control-Allow-Methods': 'OPTIONS, POST, GET', + 'Access-Control-Max-Age': 2592000, // 30 days + 'Content-Type': 'text/javascript' +} + # Server accepts a Configuration object to configure the server. # # `version`: The protocol version to use. @@ -220,7 +227,7 @@ class Server extends EventEmitter exports.createServer = (config = {}, callback) -> requestHandler = ( req, res )-> if url.parse(req.url).pathname is '/livereload.js' - res.writeHead(200, {'Content-Type': 'text/javascript'}) + res.writeHead(200, defaultHeaders) res.end fs.readFileSync require.resolve 'livereload-js' if !config.https? app = http.createServer requestHandler From a10a1bf48d1e0fca15f98e6f56ea56543d0d74b5 Mon Sep 17 00:00:00 2001 From: Ray Foss Date: Thu, 3 Jun 2021 00:59:03 -0500 Subject: [PATCH 2/4] fixed coffee comment --- lib/livereload.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/livereload.coffee b/lib/livereload.coffee index bd862a4..cdc24af 100755 --- a/lib/livereload.coffee +++ b/lib/livereload.coffee @@ -20,7 +20,7 @@ defaultExclusions = [/\.git\//, /\.svn\//, /\.hg\//] defaultHeaders = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'OPTIONS, POST, GET', - 'Access-Control-Max-Age': 2592000, // 30 days + 'Access-Control-Max-Age': 2592000, 'Content-Type': 'text/javascript' } From ef1a12221a3f5b320b0dcd9a1c4a05f94435ada3 Mon Sep 17 00:00:00 2001 From: Ray Foss Date: Thu, 3 Jun 2021 01:01:25 -0500 Subject: [PATCH 3/4] actually built code... there is no protocol for this lol --- lib/livereload.js | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/livereload.js b/lib/livereload.js index 512f7bf..bc6dbaf 100644 --- a/lib/livereload.js +++ b/lib/livereload.js @@ -1,6 +1,6 @@ // Generated by CoffeeScript 1.12.7 (function() { - var EventEmitter, Server, chokidar, defaultExclusions, defaultExts, defaultPort, fs, http, https, path, protocol_version, url, ws, + var EventEmitter, Server, chokidar, defaultExclusions, defaultExts, defaultHeaders, defaultPort, fs, http, https, path, protocol_version, url, ws, extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; }, hasProp = {}.hasOwnProperty; @@ -28,6 +28,13 @@ defaultExclusions = [/\.git\//, /\.svn\//, /\.hg\//]; + defaultHeaders = { + 'Access-Control-Allow-Origin': '*', + 'Access-Control-Allow-Methods': 'OPTIONS, POST, GET', + 'Access-Control-Max-Age': 2592000, + 'Content-Type': 'text/javascript' + }; + Server = (function(superClass) { extend(Server, superClass); @@ -237,9 +244,7 @@ } requestHandler = function(req, res) { if (url.parse(req.url).pathname === '/livereload.js') { - res.writeHead(200, { - 'Content-Type': 'text/javascript' - }); + res.writeHead(200, defaultHeaders); return res.end(fs.readFileSync(require.resolve('livereload-js'))); } }; From 4c556c701e651a4056d00cd1b70dc57387e9d4c7 Mon Sep 17 00:00:00 2001 From: Ray Foss Date: Wed, 7 Jul 2021 17:28:33 -0500 Subject: [PATCH 4/4] Made more readable removed unnecessary CORS https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers Noticed this is what's actually used by express@latest response headers with CORS. --- lib/livereload.coffee | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/livereload.coffee b/lib/livereload.coffee index cdc24af..3f6d4e8 100755 --- a/lib/livereload.coffee +++ b/lib/livereload.coffee @@ -19,8 +19,8 @@ defaultExclusions = [/\.git\//, /\.svn\//, /\.hg\//] defaultHeaders = { 'Access-Control-Allow-Origin': '*', - 'Access-Control-Allow-Methods': 'OPTIONS, POST, GET', - 'Access-Control-Max-Age': 2592000, + 'Access-Control-Allow-Methods': 'GET', + 'Access-Control-Allow-Headers': 'cache-control,pragma', 'Content-Type': 'text/javascript' }