-
Notifications
You must be signed in to change notification settings - Fork 10.1k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Location MisMatch on Secure WebSockets #70
Comments
+1 I am running into the same issue. Is the problem perhaps that the node server is returning 'ws://...' instead of 'wss://...'? |
That is what I thought, but when I look at the socket.io-Node websocket.js transport file, line 41 it has a check for if "https" and then return "wss". |
Do you think this could be "fixed" by using NginX as an SSL proxy in front of Node? |
Faye has the very same issue, and I found the solution for this problem lying in the serverside handshake code. The server returned a ws:// URL even when the client connected throug a wss:// URL. I suspect the same applies to Socket.IO. |
but why doesn't the ternary operator work to deliver wss:// if https:// ? |
Because you might connect to a secure WebSocket from a non-secure webpage. |
When the client has
new io.Socket(null, {secure: true});
And the server has
credentials = crypto.createCredentials({...});
server = http.createServer(function(req,res){...});
server.setSecure(credentials);
server.listen(8080);
io.listen(server).on('connection', function(client){...});
Browse https://localhost:8080/
Using XHR-Multipart there is a secure connection, no problem.
Using WebSockets there is a Error during WebSocket handshake: location mismatch: wss://localhost:8080/socket.io/websocket != ws://localhost:8080/socket.io/websocket.
And nothing works.
If I change the client to "secure: false" then no error is reported, but nothing works.
The text was updated successfully, but these errors were encountered: