3

I have a html5 page with

var connection = new WebSocket('ws://foo.bar:8888');

But I get an error

Mixed Content: The page at 'https://foo.bar/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://foo.bar:8888/'. This request has been blocked; this endpoint must be available over WSS.

I understand that, but I can't serve a Secure Websocket. Is there any way to make this work, except starting chrome with --allow-running-insecure-content or something like that, where the user has to do something?

Thanks!

CodingKiwi
  • 676
  • 8
  • 22
  • 1
    No, the error is telling you exactly what you must do. If you're serving the page as https, you need to serve the socket as wss. Like CORS, there's no real workaround. What's preventing you from serving a secure websocket? – Brennan May 03 '17 at 19:23
  • Especially considering that WebSocket uses HTTP to handshake the connection, so if you can serve HTML over HTTPS, you should be able to serve WebSocket over WSS since it would be using HTTPS for the handshake. – Remy Lebeau May 03 '17 at 23:37
  • @RemyLebeau, not necessarily. An example use case would be loading the web app over the https. The app in turn attempts to connect to a preinstalled web-socket-server, running on the client machine. You have to make the user to certify the machine, which is not desirable. – scopchanov May 29 '21 at 12:00

1 Answers1

4

So months later I can say: If you can serve the page via https somewhere on your server there are certificate and chain files, use these to serve a wss

CodingKiwi
  • 676
  • 8
  • 22
  • 1
    What we can do if i cant use wss ( it is some other platform build and have no catabillity for upgrade to wss ) any alternative ? – Nikola Lukic Mar 14 '21 at 20:40
  • You assume that the app server and the websocket server are running on the same machines. This is not always the case. – scopchanov May 29 '21 at 12:02