Chrome Websockets CORS政策 [英] Chrome Websockets CORS policy

问题描述

我无法在Chrome中打开网络套接字。似乎在Chrome中有一些针对Websocket的CORS政策。

I'm having trouble opening a websocket in Chrome. It seems that there is some CORS policy in chrome for websockets.

如果我在www.example.com上并尝试在api.example.com上打开websocket，它将在控制台网络标签上显示待处理，并会触发消息为 WebSocket连接到'wss：//api.example.com'的onerror失败：在收到握手响应之前，连接已关闭。如果查看服务器，则看不到建立Web套接字连接的请求，因此没有选项请求响应，也没有设置Access-Control-Allow-Origin标头的能力。
但是，如果我首先向api.example.com发出请求，则该请求在浏览器上会将我重定向回www.example.com，它将可以正常工作。

If I am on www.example.com and attempt to open the websocket at api.example.com it'll say pending on the console network tab, and will fire the onerror with a message WebSocket connection to 'wss://api.example.com' failed: Connection closed before receiving a handshake response. If I look at the server I do not see a request for a web socket connection being made, so there is no options request to respond to, or Ability to set an Access-Control-Allow-Origin header. However if I first make a request to api.example.com which on the browser will redirect me back to www.example.com it'll work fine.

您是否需要为Chrome中的Websocket请求使用相同的来源？

Are you required to use the same origin for websocket requests in chrome?

注意：仅此问题

推荐答案

我再次遇到了这个问题。我仍然没有弄清楚为什么，但是首先向子域发出 OPTIONS （或其他任何请求）请求可以打开连接。

I came across this issue again. I still haven't figured out why, but making an OPTIONS (or any other) request to the subdomain first allows the connection to be opened.

这似乎只是wss连接的问题，并且已经在多个域和证书中弹出。

This only seems to be a problem with wss connections, and has popped up across multiple domains and certificates.

这篇关于Chrome Websockets CORS政策的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！