0

I have a simple node.js setup running socket.io >1.0.0;

fs = require('/home/node/bin/node_modules/file-system');

        // Options for socket.io > 1.0.0
        var options = {
                allowUpgrades: true,
                transports: [ 'polling', 'websocket' ],
                pingTimeout: 6000,
                pingInterval: 3000,
                cookie: 'nom-nom',
                httpCompression: true,
                key: fs.readFileSync('/etc/letsencrypt/live/example.com/privkey.pem'),
                cert: fs.readFileSync('/etc/letsencrypt/live/example.com/fullchain.pem'),
                origins: '*:*'
        };

        io = require('/home/node/bin/node_modules/socket.io')(8000, options);

When a client connects from a page served via http they are able to connect as expected and the socket connection is allowed. If a client tries to connect from a page served over https I get the following error;

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://example.com:8000/socket.io/?EIO=3&transport=polling&t=MfVDWxD. (Reason: CORS request did not succeed).

Given my CORS policy is already set for *:* which should allow anything I don't understand why it's failing.

I have tried adding {secure: true} to the client connection, and I've also tried forcing a wss:// and https:// url for the connection string - all result in the same CORS error.

This is a bare socket implementation, not using any framework like express or even http.

Can someone point me in the right direction so that I can allow my clients to connect via https or ideally http and https.

user3788685
  • 2,943
  • 5
  • 26
  • 45

1 Answers1

0

you need to install cors, you can do that with npm or any other package manager

then in your nodejs app:

// require cors
const cors = require("cors");
// Use Cors As Middleware
app.use(cors());
Yousef
  • 35
  • 4
  • 1
    Isn't that when using Express? - this is a bare socket implementation and I can't can't switch to use something like express sadly. – user3788685 Apr 27 '19 at 14:58
  • take a look at [this](https://stackoverflow.com/questions/17124600/how-can-i-add-cors-headers-to-a-static-connect-server) it might help – Yousef Apr 27 '19 at 15:23
  • 1
    Sorry - but maybe I'm missing something - that link is about using `http` - I'm not using that either. I just use bare 'io.foo' expressions with direct sockets, no wrappers frameworks or helpers. Sorry this stuff isn't day job for me so when I'm thrown completely different examples it doesn't help - sorry. – user3788685 Apr 27 '19 at 15:28
  • I understand, hope you find what you are looking for asap, try asking the same question on github community – Yousef Apr 27 '19 at 15:56