
I have a strange issue in FF which is not reproduced in Chrome: a WebSocket connection to another origin does not work when using an SSL connection.

My Rails app is running on https://wax.lvh.me:3000 and the socket.io Node.js app is running on https://wax.lvh.me:3001. When I try to connect to the socket from the Rails app in FF I see the following warnings in the browser's dev console:

[Screenshot: warnings in the Firefox dev console]

When I open the Network tab I see the following response headers - notice that there are no access-control headers in the response:

[Screenshot: response headers in the Firefox Network tab]

I tried to use the following recipes from other SO answers:

Set up origins to '*:*' from this answer

```js
io = require('socket.io').listen(server)
io.set('origins', '*:*');
```

Set up origins to a function from this answer

```coffeescript
io.origins (origin, callback) =>
  if origin.match(/lvh\.me/)
    return callback(null, true)

  callback('Origin not allowed', false)
```

But nothing has helped me fix this issue so far.

Notice that access-control headers are set correctly in Chrome:

[Screenshot: response headers in Chrome]

I use the following browser and tool versions:

  • Firefox - 63.0.3 (64-bit)
  • Google Chrome - Version 73.0.3683.39 (Official Build) beta (64-bit)
  • Socket.io - 2.2.0

Do you have any ideas how to set up CORS in socket.io for FF correctly?

Hirurg103
  • The image at https://i.stack.imgur.com/HAcdu.png doesn’t show the response headers — it only shows the request headers. You need to instead look at the Response tab there. – sideshowbarker Feb 19 '19 at 00:32
  • @sideshowbarker the Response is blank – Hirurg103 Feb 19 '19 at 22:51
  • try to set the `origins` ( on the server ) using `io.origins('*:*')` and on the client side : `socket = io.connect('https://wax.lvh.me:3000', { transports: ['websocket'] });`, – Taki Feb 20 '19 at 15:40

1 Answer

Everything was OK with the CORS configuration in our socket.io app.

The problem was with SSL certificates: our configuration was missing the `ca` (intermediate certificate) option in the HTTPS server initialization. We fixed the issue with this code:

```js
const fs = require('fs');

// Certificate material is read from paths given in environment variables
require('https').createServer({
  ca: fs.readFileSync(process.env.SSL_CA),         // this config was missing
  cert: fs.readFileSync(process.env.SSL_CERT),
  key: fs.readFileSync(process.env.SSL_KEY)
})
```

As the Node.js create Secure Context documentation says:

ca string | string[] | Buffer | Buffer[]. Optionally override the trusted CA certificates. Default is to trust the well-known CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are explicitly specified using this option. The value can be a string or Buffer, or an Array of strings and/or Buffers. Any string or Buffer can contain multiple PEM CAs concatenated together. The peer's certificate must be chainable to a CA trusted by the server for the connection to be authenticated. When using certificates that are not chainable to a well-known CA, the certificate's CA must be explicitly specified as a trusted or the connection will fail to authenticate. If the peer uses a certificate that doesn't match or chain to one of the default CAs, use the ca option to provide a CA certificate that the peer's certificate can match or chain to. For self-signed certificates, the certificate is its own CA, and must be provided. For PEM encoded certificates, supported types are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE".

Hirurg103
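The missing-intermediate condition described in the answer above, reproduced as an added example that is not part of the original post: it builds a constructed throwaway chain with `openssl` and shows that a verifier trusting only the root rejects the leaf until the intermediate is supplied with it. The CA subject names, file names and function names are assumptions made for the demonstration.

```bash
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# CA names and file paths are made up; nothing here comes from the original app.

make_chain() {  # make_chain DIR: writes root.pem, int.pem, leaf.pem into DIR
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # The intermediate must be marked as a CA or it cannot issue the leaf
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=wax.lvh.me" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# chain_ok ROOT LEAF [INTERMEDIATE]
# ROOT plays the client's trust store; INTERMEDIATE is what the server would
# send along with the leaf (the role the `ca` option filled in the answer).
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

chain_report() {
  d=$(mktemp -d) || return 1
  make_chain "$d" || { rm -rf "$d"; return 1; }
  if chain_ok "$d/root.pem" "$d/leaf.pem"; then
    echo "leaf only: trusted"
  else
    echo "leaf only: rejected (issuer not found)"
  fi
  if chain_ok "$d/root.pem" "$d/leaf.pem" "$d/int.pem"; then
    echo "leaf + intermediate: trusted"
  else
    echo "leaf + intermediate: rejected"
  fi
  rm -rf "$d"
}

chain_report
```

Against a running server, `openssl s_client -connect host:port -showcerts` lists the certificates the server actually sends, which is where a missing intermediate shows up.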