The https.request abstraction is not defining the https protocol like node

[pffigueiredo]

Context

I was trying out some socket connections that relied on https.request inside Nodebox when I first saw the following error:

Mixed Content: The page at 'https://nodebox-runtime.codesandbox.io/worker-360phrzywik3ot71qeou7g44viv8u49.js' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://my-url:27017/'. This request has been blocked; the content must be served over HTTPS

Bare in mind that all of this was previously tested in a "normal" node environment and worked without any issues. 👍

Problem

After debugging a little bit, it looks like the problem origins from nodebox abstraction of https.request not setting the protocol property value to https as the regular node one does.

node stringified version of https.request: ✔️

{"_events":{},"_eventsCount":0,"outputData":[],"outputSize":0,"writable":true,"destroyed":false,"_last":true,"chunkedEncoding":false,"shouldKeepAlive":false,"maxRequestsOnConnectionReached":false,"_defaultKeepAlive":true,"useChunkedEncodingByDefault":false,"sendDate":false,"_removedConnection":false,"_removedContLen":false,"_removedTE":false,"strictContentLength":false,"_contentLength":null,"_hasBody":true,"_trailer":"","finished":false,"_headerSent":false,"_closed":false,"socket":null,"_header":null,"_keepAliveTimeout":0,"agent":{"_events":{},"_eventsCount":2,"defaultPort":443,"protocol":"https:","options":{"noDelay":true,"path":null},"requests":{},"sockets":{"jsonplaceholder.typicode.com:443:::::::::::::::::::::":[{"_tlsOptions":{"pipe":false,"secureContext":{"context":{}},"isServer":false,"requestCert":true,"rejectUnauthorized":true},"_secureEstablished":false,"_securePending":false,"_newSessionPending":false,"_controlReleased":true,"secureConnecting":true,"_SNICallback":null,"servername":null,"alpnProtocol":null,"authorized":false,"authorizationError":null,"encrypted":true,"_events":{"close":[null,null,null],"end":[null,null]},"_eventsCount":9,"connecting":true,"_hadError":false,"_parent":null,"_host":"jsonplaceholder.typicode.com","_closeAfterHandlingError":false,"_readableState":{"objectMode":false,"highWaterMark":16384,"buffer":{"head":null,"tail":null,"length":0},"length":0,"pipes":[],"flowing":null,"ended":false,"endEmitted":false,"reading":false,"constructed":true,"sync":true,"needReadable":false,"emittedReadable":false,"readableListening":false,"resumeScheduled":false,"errorEmitted":false,"emitClose":false,"autoDestroy":true,"destroyed":false,"errored":null,"closed":false,"closeEmitted":false,"defaultEncoding":"utf8","awaitDrainWriters":null,"multiAwaitDrain":false,"readingMore":false,"dataEmitted":false,"decoder":null,"encoding":null},"_writableState":{"objectMode":false,"highWaterMark":16384,"finalCalled":false,"needDrain":false,"ending":false,"ended":false,"finished":false,"destroyed":false,"decodeStrings":false,"defaultEncoding":"utf8","length":0,"writing":false,"corked":0,"sync":true,"bufferProcessing":false,"writecb":null,"writelen":0,"afterWriteTickInfo":null,"buffered":[],"bufferedIndex":0,"allBuffers":true,"allNoop":true,"pendingcb":0,"constructed":true,"prefinished":false,"errorEmitted":false,"emitClose":false,"autoDestroy":true,"errored":null,"closed":false,"closeEmitted":false},"allowHalfOpen":false,"_sockname":null,"_pendingData":null,"_pendingEncoding":"","_server":null,"ssl":{"_parent":{"reading":false,"onconnection":null},"_secureContext":{"context":{}},"reading":false},"_requestCert":true,"_rejectUnauthorized":true}],"localhost:443:::::::::::::::::::::":[{"_tlsOptions":{"pipe":false,"secureContext":{"context":{}},"isServer":false,"requestCert":true,"rejectUnauthorized":true},"_secureEstablished":false,"_securePending":false,"_newSessionPending":false,"_controlReleased":true,"secureConnecting":true,"_SNICallback":null,"servername":null,"alpnProtocol":null,"authorized":false,"authorizationError":null,"encrypted":true,"_events":{"close":[null,null,null],"end":[null,null]},"_eventsCount":9,"connecting":true,"_hadError":false,"_parent":null,"_host":"localhost","_closeAfterHandlingError":false,"_readableState":{"objectMode":false,"highWaterMark":16384,"buffer":{"head":null,"tail":null,"length":0},"length":0,"pipes":[],"flowing":null,"ended":false,"endEmitted":false,"reading":false,"constructed":true,"sync":true,"needReadable":false,"emittedReadable":false,"readableListening":false,"resumeScheduled":false,"errorEmitted":false,"emitClose":false,"autoDestroy":true,"destroyed":false,"errored":null,"closed":false,"closeEmitted":false,"defaultEncoding":"utf8","awaitDrainWriters":null,"multiAwaitDrain":false,"readingMore":false,"dataEmitted":false,"decoder":null,"encoding":null},"_writableState":{"objectMode":false,"highWaterMark":16384,"finalCalled":false,"needDrain":false,"ending":false,"ended":false,"finished":false,"destroyed":false,"decodeStrings":false,"defaultEncoding":"utf8","length":0,"writing":false,"corked":0,"sync":true,"bufferProcessing":false,"writecb":null,"writelen":0,"afterWriteTickInfo":null,"buffered":[],"bufferedIndex":0,"allBuffers":true,"allNoop":true,"pendingcb":0,"constructed":true,"prefinished":false,"errorEmitted":false,"emitClose":false,"autoDestroy":true,"errored":null,"closed":false,"closeEmitted":false},"allowHalfOpen":false,"_sockname":null,"_pendingData":null,"_pendingEncoding":"","_server":null,"ssl":{"_parent":{"reading":false,"onconnection":null},"_secureContext":{"context":{}},"reading":false},"_requestCert":true,"_rejectUnauthorized":true}]},"freeSockets":{},"keepAliveMsecs":1000,"keepAlive":false,"maxSockets":null,"maxFreeSockets":256,"scheduling":"lifo","maxTotalSockets":null,"totalSocketCount":2,"maxCachedSessions":100,"_sessionCache":{"map":{},"list":[]}},"method":"GET","path":"/","_ended":false,"res":null,"aborted":false,"timeoutCb":null,"upgradeOrConnect":false,"parser":null,"maxHeadersCount":null,"reusedSocket":false,"host":"localhost","protocol":"https:"}

nodebox stringified version of https.request: ❌

{"_writableState":{"objectMode":false,"highWaterMark":9007199254740991,"finalCalled":false,"needDrain":false,"ending":false,"ended":false,"finished":false,"destroyed":false,"decodeStrings":true,"defaultEncoding":"utf8","length":0,"writing":false,"corked":0,"sync":true,"bufferProcessing":false,"writecb":null,"writelen":0,"afterWriteTickInfo":null,"buffered":[],"bufferedIndex":0,"allBuffers":true,"allNoop":true,"pendingcb":0,"constructed":true,"prefinished":false,"errorEmitted":false,"emitClose":true,"autoDestroy":true,"errored":null,"closed":false,"closeEmitted":false},"_events":{},"_eventsCount":0,"_chunks":[],"_headers":{},"_headersSent":false,"writable":true,"uri":"http://undefined:80/","withCredentials":false,"method":"GET","response":{"_readableState":{"objectMode":false,"highWaterMark":9007199254740991,"buffer":{"head":null,"tail":null,"length":0},"length":0,"pipes":[],"flowing":null,"ended":false,"endEmitted":false,"reading":false,"constructed":true,"sync":true,"needReadable":false,"emittedReadable":false,"readableListening":false,"resumeScheduled":false,"errorEmitted":false,"emitClose":true,"autoDestroy":true,"destroyed":false,"errored":null,"closed":false,"closeEmitted":false,"defaultEncoding":"utf8","awaitDrainWriters":null,"multiAwaitDrain":false,"readingMore":false,"dataEmitted":false,"decoder":null,"encoding":null},"_events":{},"_eventsCount":1,"complete":false,"upgrade":false,"httpVersion":"1.1","httpVersionMajor":1,"httpVersionMinor":1,"method":"GET","url":"","statusCode":null,"statusMessage":null,"headers":{},"trailers":{},"rawTrailers":[],"trailersDistinct":{}}}

If you take a look at both JSON chunks, you will notice that the nodebox version doesn't define the protocol property and it ends up doing a http request if one passes a relative URL without the protocol set.

REPRODUCIBLE SANDBOX

You will see the exact same error in this sandbox, and although this one has a "dummy" URL and credentials, the problem is still the exact same with authentic ones. 👇

https://codesandbox.io/p/sandbox/brave-swirles-4inf6s

[DeMoorJasper]

Thanks for reporting will look into this monday