[FIX] Use Node's native https instead of spdy

[henriquemattos]

Using native https from NodeJS instead of SPDY, which is not supported by Node >= 24.

According to NodeJS Releases, “v22 is about to enter Maintenance and v24 is about to become Active”. Unfortunately, this is a breaking change for UI5 CLI serve when using --h2, since we use spdy. According to the code comments, we use spdy because of Node v8.4.0 😬.

Tested the upgrade using Firefox Developer Edition (latest) on macOS 26 and NodeJS v24.9.0 with:

ui5 serve --verbose --port 1987 -o index.html --h2 --key ./infrastructure/certs/localhost.key --cert ./infrastructure/certs/localhost.crt --accept-remote-connections

Fixes: #327

---

Thank you for your contribution! 🙌

To get it merged faster, kindly review the checklist below:

Pull Request Checklist

• Reviewed the Contributing Guidelines
  • Especially the How to Contribute section
• No merge commits
• Correct commit message style

[cla-assistant]

All committers have signed the CLA.

[flovogt]

@henriquemattos Thanks a lot for your contribution.

Note: This PR is a breaking change and would also drop HTTP/2 support but ensure HTTPS is working again.

[henriquemattos]

I see your point, @flovogt . Thank you for the feedback. I see HTTP/2 in development environment as a “nice-to-have” feature, while SSL is, at least for Firefox, a “must-have”. The default settings of the browser uses https even for localhost. Besides, changing the protocol on the frontend would require a CORS, Proxy or change to the backend too.

Based on your comment, I don’t understand what are the next steps?!

kind regards,
Henrique

[RandomByte]

Thanks again for your contribution. We are currently discussing several options in the team on how to proceed with HTTPS support in UI5 CLI.

Since this is a breaking change, we are thinking of actually going one step further and replacing express with connect. This would allow us to use the native Node.js HTTP/2 server directly and also solve this issue.

We plan major changes to the UI5 Server in UI5 CLI v5 and never made great use of the APIs express provides over connect.

while SSL is, at least for Firefox, a “must-have”. The default settings of the browser uses https even for localhost.

@henriquemattos I'm not able to reproduce this with Firefox 1.145. Could you share some details or documentation on this?

The current documentation on Secure Context classifies localhost as "potentially trustworthy", even over HTTP. In my test, I could use for example the Clipboard API on http://localhost

[henriquemattos]

Thanks for the update, @RandomByte .

As for Firefox, I use the Developer Edition and somehow it came with the HTTPS-Only mode enabled. This was becoming a hassle not only for my localhost, but acccessing my router's IP address previously.

https://support.mozilla.org/en-US/kb/https-only-prefs

[RandomByte]

I see, thanks. We hope we can provide a solution for current Node.js versions in UI5 CLI v5, one way or another.

[henriquemattos]

In the meantime, do you think would be possible to apply my solution via middleware? I mean, every time I update Node modules, I have to reimplement the workaround locally (as I’m already developing in Node v24 for the next quarter).