All geek questions in one place

CORS Privacy Policy for Chrome Websockets

I'm having trouble opening a website in Chrome. There seems to be some CORS policy in chrome for websockets.

If I am on www.example.com and try to open websocket on api.example.com, it will say pending on the console tab of the console and throw onerror with a message WebSocket connection to 'wss://api.example.com' failed: Connection closed before receiving a handshake response. If I look at the server, I do not see a request to connect to the web socket, so there is no response to the request for parameters or the ability to set the Access-Control-Allow-Origin header. However, if I first make a request to api.example.com, which redirects me to www.example.com in the browser, it will work fine.

Do you need to use the same origin for websocket requests in chrome?

Note. This problem is only related to chrome.

+5
source share
4 answers

I ran into this problem again. I still do not understand why, but executing a request OPTIONS(or any other) on a subdomain first allows you to open a connection.

This just looks like a problem with wss connections, and it has appeared in several domains and certificates.

+2
source

The browser does not use CORS with WebSocket. Here are two things that may go wrong (assuming you use both HTTPS and WSS):

  • Origin. HTTP Origin HTML, JavaScript, WebSocket. . , (?), .
  • wss, - . ?
+11

Try Access-Control-Allow-Originsetting the title to api.example.com, which allows you to use www.example.com.

0
source

Source: https://habr.com/ru/post/1533397/

More articles:


All Articles