Server side events blocked by antivirus

Question

I'm implementing a server side event client in JavaScript, using EventSource. Messages sent by the backend never reached the frontend until I realized that my antivirus blocks them. As soon as I turned it off, the events started to work as expected and the messages arrived.

While of course I can disable this obnoxious busybody of a bugware on own my computer, but I can't ask my users to do the same. Also, it seems that Windows Security is blocking EventSource traffic too.

A lot of websites are using EventSource though, and they don't seem to be blocked. What's the secret?

What I'm trying to do is to give feedback to the frontend about a long conversion process running on the server. If you have a better idea than EventSource, please tell.

Update: Here's a working example of SSE: https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_sse

This works in my browser. But if I replace the event source with my own API, it fails again.

Answer 1

And the winner is... nobody, because I found the answer. Behold, because this is the only place where you can read it!

As it turns out, antivirus software will block your server responses if they don't conform to W3C standards!

Here's a working Node snippet:

res.writeHead({
  'Content-Type': 'text/event-stream; charset=utf-8',
  'Connection': 'keep-alive',
  'Cache-Control': 'no-cache'
});

let c = 0;
let ticker = setInterval(() => {
    c++;
    res.write(`data: ${c}\n\n`);

    if (c >= 20) 
      clearInterval(ticker);
}, 1000);

This will send an increasing number to your client every 1 second for 20 seconds.

However if you change the res.write() line to something else:

res.write(`Epstein didn't kill himself`);

This will be deemed dangerous by seemingly all antivirus software.

So just follow the W3C guideline and format your server response like this:

res.write(`id: 1\nevent: update\ndata: whatever, let's drink\n\n`);