is it possible to add Access-Control-Allow-Origin: * to the reply header ?

[lwiechec]

I am running a websocket service (I have created a simple one, that extends WebSocketServer) on my own machine on http:https://localhost:8887 and trying to access it using Socket.IO using this piece of client code:

            var socket = io.connect('http:https://localhost:8887');
            socket.on('connect', function() {
                console.log('connected on websocket using socket.io');
            });

However, the browser is reporting that Cross-Origin Request is blocked:

ross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http:https://localhost:8887/socket.io/?EIO=3&transport=polling&t=1439552086446-41. (Reason: CORS request failed).

I think adding HTTP header to the reply that includes Access-Control-Allow-Origin: * header would help in overcoming the cross-domain limitation?

I was looking for an good place to add it; without modification to the code, I would have to implement another draft class.

What do you think?

[bendem]

That would be the job of the page you're running the js on, not the websocket server. What are you using to serve it?

[lwiechec]

Right now I was just running it from the file (URL would be file:https:///my/wstest/index.html).

I was also testing with running a simple HTTP server that is serving the index.html (was using python -m SimpleHTTPServer <port> in the dir the file is saved).

[bendem]

I think everything is blocked by default when running from the local filesystem (with file:https://). If it doesn't work with the python server and localhost:<port>, I'm not sure. What browser / OS are you using?

[lwiechec]

It's Firefox 39.0.3 on Linux.

I am logging what arrives on the websocket Java server that I am running:

GET /socket.io/?EIO=3&transport=polling&t=1439553973950-7 HTTP/1.1
Host: localhost:8887
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: null
Cookie: _ga=GA1.1.1835690867.1423483351
Connection: keep-alive

[bendem]

It's the server's response headers that matters for CORS control. What's the output of curl -I localhost:<port> where <port> if your python server's port?

[lwiechec]

curl -I localhost:6666

gives

HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/2.7.6
Date: Fri, 14 Aug 2015 14:36:24 GMT
Content-type: text/html
Content-Length: 3680
Last-Modified: Fri, 14 Aug 2015 14:35:11 GMT

[bendem]

Really weird, I have no idea what could do that.

[lwiechec]

But - isn't it like this: the JS code, read from http:https://localhost:6666/ is run in the browser and ordered to create websocket to address http:https://localhost:8887 (that's where my websocket service is running). The browser issues GET only not to receive the Access-Control-Allow-Origin: * which is interpreted as 'this service is not public and will not accept us as a origin`. Browser then refuses to run it.

[bendem]

The browser shouldn't even try to contact the websocket server. Which is why I find this really weird.

Origin: null is bothering me, can you try setting origins to something? like io.set('origins', 'localhost:<port>) (link)

[lwiechec]

I am using Socket.IO to create clients and I can't call io.set() :/

Browser should not contact the websocket server? but - it is running the JS code that tell it just that?...

[GregDThomas]

Origin: null is sent from the client to indicate that the requesting page is hosted on the file system.

[meta-meta]

bump

[meta-meta]

I'm running a Java-WebSocket server on Android. I managed to add Access-Control-Allow-Origin: * to the handshake response by overriding Draft.postProcessHandshakeResponseAsServer and passing my Draft implementation to the WebSocketServer constructor.

Still no luck though. I get this when sending a message from server to client:

XMLHttpRequest cannot load http:https://[websocket server on android]/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http:https://[web page with websocket client]:8080' is therefore not allowed access.

[meta-meta]

@lwiechec did you ever solve the problem you were having?

[lwiechec]

Hi,

no I haven't. But I have switched to using web socket implementations from Tomcat, as the application that I planned to write had to be deployed as WAR...

---- On Ter, 26 Abr 2016 23:50:08 +0200 Paul M. Christian <[email protected]>wrote ----

@lwiechec did you ever solve the problem you were having?

—

You are receiving this because you were mentioned.

Reply to this email directly or view it on GitHub

[marci4]

Closing this issue for #490

Greetings
marci4