Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use 'wss' connection from page served over http #169

Closed
ghost opened this issue Mar 18, 2011 · 7 comments
Closed

use 'wss' connection from page served over http #169

ghost opened this issue Mar 18, 2011 · 7 comments

Comments

@ghost
Copy link

ghost commented Mar 18, 2011

the following code in "lib/socket.io/transports/websocket.js" returns a location header with the 'ws' scheme if the origin is not https, regardless of whether the websocket was opened with a 'wss' scheme:

 var origin = this.request.headers.origin,
       location = (origin && origin.substr(0, 5) == 'https' ? 'wss' : 'ws')
                   + '://' + this.request.headers.host + this.request.url;

i couldn't find anything in the websocket spec that disallows using 'wss' websocket connections from pages server over http, and in chromium this results in:

Error during WebSocket handshake: location mismatch: wss://hostname:port//node.js/realtime/websocket != ws://hostname:port//node.js/realtime/websocket

if i missed something, and the spec doesn't allow this, so be it. if not, i'm happy to work up a patch that allows the websocket data to use a tunnel even if the page html doesn't. (yes, there are use cases for this, as the network the html travels over may be trusted, while the websocket data may use a different, untrusted network.)

@madari
Copy link

madari commented Mar 19, 2011

Surely the spec allows it. Socket.IO-node should check if the connection is made using TLS instead of trying to determine the type of the websocket connection from the origin.

@arenstar
Copy link

Can we somehow fix this.. im getting the same error
and websockets do not function anymore ( since i changed to ssl)

All of my services are SSL..
but i often act as a 3rd party for delivering information on behalf of our clients..
i am unable to fix this problem..

Any suggestions on a fix???

please

@ghost
Copy link
Author

ghost commented Mar 21, 2011

ok, i'll have a go at a patch for this. thanks for the replies.

@ghost
Copy link
Author

ghost commented Mar 31, 2011

here's a one-line fix for this issue:

var origin = this.request.headers.origin,
       location = (this.request.socket.encrypted ? 'wss' : 'ws')
                   + '://' + this.request.headers.host + this.request.url;

@nh2
Copy link

nh2 commented Apr 7, 2011

I need this as well.

@parshap
Copy link

parshap commented May 6, 2011

This fix was applied as a part of #180 and this ticket should be closed.

@ghost
Copy link
Author

ghost commented May 7, 2011

closing...

@ghost ghost closed this as completed May 7, 2011
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants