Make httpSafePort work as expected when httpSafeOrigin is set

[dullbananas]

Fixes #907

Required for using a separate sandbox origin in a remote development environment, which I need for reproducing #973

[ghost]

Hello, can you please rebase your branch on staging?

[ghost]

Thanks a lot @dullbananas!

[ghost]

Hello,

Reading about your proposed changes with our lead developer, we understand there is a misunderstanding.

While I will try to rephrase the explicative sentence as best as I can in the config.js example, you only need to use the httpSafePort if you can't have a second domain name. If you are working on a local, development instance, with localhost per example.

Then you'll need something to emulate the other origin, here comes httpSafePort. Where you will have https://localhost:3000 for the main one and https://localhost:3001 for the sandbox.

In any other case, where you have 2 domains, you do not need httpSafePort at all.
Hope it helps clarify. :)

[dullbananas]

I'm using a remote development environment where the URL used in the local browser to access the ports is more like 3000.example.com and 3001.example.com

[ghost]

If you have 2 subdomains it's fine, it's the same. You don't need httpSafePort.

• 3000.example.com is your httpUnsafeOrigin
• 3001.example.com is your httpSafeOrigin

You don't need anything else.

[dullbananas]

That's not true. Setting httpSafeOrigin causes the server to not use port 3001, which causes 3001.example.com to not exist.