javascript - Websockets in Firefox not working with several HTTPS pages -

May 15, 2010

i have websocket client-server application. here's client's simplified code:

const host = "wss://localhost:8000";  const sub_protocol= "sub-protocol";   var websocket = new websocket(host, sub_protocol);  websocket.onopen  = function(evt)   { ... }; websocket.onclose = function(evt)   { ... }; websocket.onerror = function(evt)   { ... }; websocket.onmessage = function(evt) { ... };

and here's server:

const port = 8000; const subprotocol = 'sub-protocol';  var websocketserver = require('websocket').server;  var https = require('https'); var fs = require('fs');  // private key , certification (self-signed now)  var options = {   key: fs.readfilesync('cert/server.key'),   cert: fs.readfilesync('cert/server.crt') };  var server = https.createserver(options, function(request, response) {     console.log((new date()) + ' received http(s) request ' + request.url);     response.writehead(404);     response.end(); });   // bind server object listen port number server.listen(port, function() {     console.log((new date()) + ' server listening on port ' + port); });  wsserver = new websocketserver({     httpserver: server,     // should not use autoacceptconnections production     // applications, defeats standard cross-origin protection     // facilities built protocol , browser.  should     // *always* verify connection's origin , decide whether or not     // accept it.     autoacceptconnections: false });   function originisallowed(origin) {   // put logic here detect whether specified origin allowed.   return true; }  // if autoacceptconnections set false, request event emitted // server whenever new websocket request made wsserver.on('request', function(request) {      if (!originisallowed(request.origin)) {       // make sure accept requests allowed origin       request.reject();       console.log((new date()) + ' connection origin ' + request.origin + ' rejected.');       return;     }      // accepts connection , return socket connection     var connection = request.accept(sub_protocol, request.origin);      console.log((new date()) + ' connection accepted.');      // when message received     connection.on('message', function(message) {          // echo         connection.send(connection, message.utf8data);      });       connection.on('close', function(reasoncode, description) {         console.log((new date()) + ' peer ' + connection.remoteaddress + ' disconnected.');     });  });

both client , server works expected https pages (tested on twitter, mail.ru,). reason doesn't example facebook or github.

in javascript console this:

exception { message: "", result: 2153644038, name: "", filename: "", linenumber: 0, columnnumber: 0, inner: null, data: null }

then huge stack trace follows: pasted here

and @ end:

content security policy: page's settings blocked loading of resource @ wss://localhost:8000/ ("connect-src https://github.com:443 https://ghconduit.com:25035 https://live.github.com:443 https://uploads.github.com:443 https://s3.amazonaws.com:443").

i don't see how these page differ pages, works. i'd point out, these pages works in chrome.

(tested in firefox 31)

the pages websocket connection fails have content-security-policy header connect-src directive set allow connections set of whitelisted domains. means connections page non-whitelisted domain fail.

its not clear how you're running code. seems possible chrome allows extensions bypass header restriction while firefox not, or effect.

Search This Blog

O9

javascript - Websockets in Firefox not working with several HTTPS pages -

Comments

Post a Comment

Popular posts from this blog

Error while updating a record in APEX screen -

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

ios - Xcode 5 "No such file or directory" -