Socket.IO: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource

Problem description

I have a strange issue in FF which is not reproduced in Chrome: a websocket connection to another origin does not work when using an SSL connection.

My Rails app is running on https://wax.lvh.me:3000 and socket.io node JS app is running on https://wax.lvh.me:3001. When I try to connect to the socket from the Rails app in FF I see the following warnings in the browser's dev console:

When I open the Network tab I see the following response headers - notice that there are no access-control headers in the response:

I tried to use the following recipes from other SO answers:

Set up origins to '*:*' from this answer

io = require('socket.io').listen(server)
io.set('origins', '*:*');

Set up origins to a function from this answer

io.origins (origin, callback) =>
  if origin.match(/lvh\.me/)
    return callback(null, true)

  callback('Origin not allowed', false)

But nothing helped me to fix this issue so far.

Notice that access-control headers are set correctly in Chrome:

I use the following browser and tool versions:

  • Firefox - 63.0.3 (64-bit)
  • Google Chrome - Version 73.0.3683.39 (Official Build) beta (64-bit)
  • Socket.io - 2.2.0

Do you have any ideas how to set up CORS in socket.io for FF correctly?

Solution

Everything was OK with the CORS configuration in our socket.io app.

The problem was with SSL certificates: our configuration was missing the ca (intermediate certificate) option in the HTTPS server initialization. We fixed the issue with this code:

const fs = require('fs');

require('https').createServer({
  ca: fs.readFileSync(process.env.SSL_CA),         // this config was missing (intermediate certificate)
  cert: fs.readFileSync(process.env.SSL_CERT),     // server certificate
  key: fs.readFileSync(process.env.SSL_KEY)        // server private key
})

As the nodeJS create Secure Context documentation says:

ca string | string[] | Buffer | Buffer[]. Optionally override the trusted CA certificates. Default is to trust the well-known CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are explicitly specified using this option. The value can be a string or Buffer, or an Array of strings and/or Buffers. Any string or Buffer can contain multiple PEM CAs concatenated together. The peer's certificate must be chainable to a CA trusted by the server for the connection to be authenticated. When using certificates that are not chainable to a well-known CA, the certificate's CA must be explicitly specified as a trusted or the connection will fail to authenticate. If the peer uses a certificate that doesn't match or chain to one of the default CAs, use the ca option to provide a CA certificate that the peer's certificate can match or chain to. For self-signed certificates, the certificate is its own CA, and must be provided. For PEM encoded certificates, supported types are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE".
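
A startup check for the configuration in the answer above, as an added example that is not part of the original answer: it refuses to build the HTTPS options when SSL_CA is unset or holds no certificate block, so a missing intermediate fails at boot instead of in one browser. `splitPemCertificates`, `buildTlsOptions` and the sample file names are hypothetical, and the sample PEM bodies are constructed placeholders, not real certificates.

```javascript
// Added example: validate the TLS files before calling https.createServer().
const fs = require('fs');

// Certificate PEM labels listed as supported in the quoted Node.js documentation.
const CERT_BLOCK =
  /-----BEGIN ((?:TRUSTED |X509 )?CERTIFICATE)-----[\s\S]+?-----END \1-----/g;

// Split a PEM string or Buffer into certificate blocks; one file may hold
// several concatenated PEM certificates.
function splitPemCertificates(pem) {
  return String(pem).match(CERT_BLOCK) || [];
}

// Hypothetical helper: builds the options object used in the answer and throws
// if a variable is unset or a certificate file contains no certificate block
// (for example because a key file was passed by mistake).
function buildTlsOptions(env, readFile = fs.readFileSync) {
  for (const name of ['SSL_CA', 'SSL_CERT', 'SSL_KEY']) {
    if (!env[name]) throw new Error(`${name} is not set`);
  }
  const cert = readFile(env.SSL_CERT);
  if (splitPemCertificates(cert).length === 0) {
    throw new Error('SSL_CERT holds no certificate');
  }
  const ca = splitPemCertificates(readFile(env.SSL_CA));
  if (ca.length === 0) throw new Error('SSL_CA holds no certificate');
  return { ca, cert, key: readFile(env.SSL_KEY) };
}

// Constructed sample data: placeholder PEM bodies standing in for real files.
const pem = (label, body) =>
  `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----`;
const SAMPLE_FILES = {
  'chain.pem': pem('CERTIFICATE', 'SU5URVJNRURJQVRF') + '\n' +
               pem('X509 CERTIFICATE', 'Uk9PVA=='),
  'server.pem': pem('CERTIFICATE', 'TEVBRg=='),
  'server.key': pem('PRIVATE KEY', 'S0VZ'),
};
const sampleRead = (path) => SAMPLE_FILES[path];
const SAMPLE_ENV = { SSL_CA: 'chain.pem', SSL_CERT: 'server.pem', SSL_KEY: 'server.key' };

// In a real server: require('https').createServer(buildTlsOptions(process.env))
console.log(buildTlsOptions(SAMPLE_ENV, sampleRead).ca.length, 'CA certificate(s) loaded');
```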
