5

I am trying to connect to a websocket on server.domain.com from trial.domain.com

NS_ERROR_DOM_SECURITY_ERR in Firefox:

"[Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "https://trial.domain.com/home Line: 454"]"

when I am trying to make a WebSocket Connection:

try {
  if (window['MozWebSocket'] !== undefined) {
    socket = new MozWebSocket('ws://server.domain.com/chat');
  } else {
    socket = new WebSocket('ws://server.domain.com/chat');
  }
  trails = 0;
} catch(err){
  trials++;
}
leggetter
  • 15,248
  • 1
  • 55
  • 61
Sameer Segal
  • 21,813
  • 7
  • 42
  • 56
  • You shouldn't use user-agent sniffing to determine whether to use `MozWebSocket`, you should look for the `WebSocket` constructor and only if you can't find it then try the `MozWebSocket` constructor. – Neil Apr 26 '12 at 23:22

1 Answers1

4

This happens by Browsers that is applying security policy that prevents of use any access to external domain that the page is hosted it self.
This occurs in scenarios when you are trying to get important connections from SSL area to non SSL and another domain (don't know if same domain will solve the problem) - that is your case. But there is more of possible scenarios of this.

This is browser related error, and it is browser who throw this error, and there is no problem with connection it self.

You have to host your WebSockets server under same domain as the http server. If that is not possible, there is few ways you can go:

  1. If software is for inhouse use and settings in browsers can be done for use, then you can disable cross-domain security policies:
    • Firefox, under "about:config" set s"ecurity.fileuri.strict_origin _policy" to "false".
    • Chrome, run with flag "--allow-file-access-from-files"
  2. If you have access to DNS settings of your domain, you can create sub forwarder and it will look like you are connecting to the same domain. Not sure about this option on practice, but it looks well.
moka
  • 22,846
  • 4
  • 51
  • 67
  • WebSockets were developed to support cross domain communication so I don't think it's likely that the cause of the problem is the web browser. I think it's more likely that the server is rejecting the connection in some way. See [Origin/security considerations in the WebSocket RFC](http://tools.ietf.org/html/rfc6455#section-10) – leggetter Apr 26 '12 at 22:52
  • 3
    Please, provide the version of Firefox. As well as I see you are going from HTTPS area to non SSL (ws://, but not wss:://). That is probably causing an issue. If you are on SSL, you then should use WSS - it is WebSockets SSL. – moka Apr 26 '12 at 23:44
  • Switching to wss solved the security problem. But I am still unable to connect to the socket. I think my nginx conf is incorrect. – Sameer Segal Apr 30 '12 at 09:29
  • Here is a new question regarding Nginx config: http://stackoverflow.com/questions/10381412/nginx-config-for-wss – Sameer Segal Apr 30 '12 at 09:34