Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

$page.url.origin is set to https when a page is served over http

See original GitHub issue

Describe the bug

$page.url is not setto the actual URL of the page in adapter-node when served over http

Reproduction

<script>
	import { page } from '$app/stores';
</script>

{$page.url.origin}

Use adapter-node, compile and serve the application withsvelte-kit build && node build, load http://localhost:3000 in your browser.

expected: http://localhost:3000 actual: https://localhost:3000

System Info

latest sveltekit

Severity

serious, but I can work around it

Additional Information

No response

Issue Analytics

State:
Created 2 years ago
Comments:22 (19 by maintainers)

Top GitHub Comments

2reactions

benmccanncommented, Jan 13, 2022

there’s no reason for it to be wrong on the server either, but y’all keep ignoring my great solution to that 🤣 https://github.com/sveltejs/kit/issues/3248#issuecomment-1008213529

2reactions

nhe23commented, Jan 12, 2022

That’s a valid point. So it does not make any sense to change anything on how the origin is set on the server-side. However we could overwrite the protocol in the start function of the renderer, right here: https://github.com/sveltejs/kit/blob/e881c7c57a3b136f92eba3aaef8952b11591a8e1/packages/kit/src/runtime/client/renderer.js#L162-L163

like this

    // url.hash is empty when coming from the server
    url.hash = window.location.hash;
+   url.protocol = window.location.protocol;

This way $page.url.origin would be correct as soon as the start function has run. If no one is against this solution I’ll create a PR tomorrow.

Top Results From Across the Web

Understanding "same-site" and "same-origin" - web.dev

"Origin" is a combination of a scheme (also known as the protocol, for example HTTP or HTTPS), hostname, and port (if specified). For...

Same-origin policy - Web security | MDN

The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a ......

HTTPS and HTTP CORS - Stack Overflow

The origin's security protocol must match that of the requested URL. (http to http, https to https). If these do not match, the...

Maintaining separate HTTP and HTTPS requests to origin ...

On the Origins page, click the Attach a condition link next to the name of the non-secure server. · Fill out the Create...

Introduction to HTTPS

By default, when a user is on an HTTPS website and clicks a link to an HTTP website, browsers will not send a...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

https page in SvelteKit is fetched when only http is used

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

$page.url.origin is set to https when a page is served over http

Describe the bug

Reproduction

System Info

Severity

Additional Information

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

500: Failed to fetch dynamically imported module

Cannot build SvelteKit app with `@vitejs/plugin-legacy`