Socket.IO: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource


Problem description

I have a strange issue in FF which is not reproduced in Chrome: websocket connection to another origin does not work when using SSL connection.

My Rails app is running on https://wax.lvh.me:3000 and socket.io node JS app is running on https://wax.lvh.me:3001. When I try to connect to the socket from the Rails app in FF I see the following warnings in the browser's dev console:

When I open the Network tab I see the following response headers - notice that there are no access-control headers in the response:

I tried to use the following recipes from other SO answers:

Set up origins to '*:*' from this answer

io = require('socket.io').listen(server)
io.set('origins', '*:*');

Set up origins to a function from this answer

io.origins (origin, callback) =>
  if origin.match(/lvh.me/)
    return callback(null, true)

  callback('Origin not allowed', false)

But nothing helped me to fix this issue so far.

Notice that access-control headers are set correctly in Chrome:

I use the following browser and tool versions:

  • Firefox - 63.0.3 (64-bit)
  • Google Chrome - Version 73.0.3683.39 (Official Build) beta (64-bit)
  • Socket.io - 2.2.0

Do you have any ideas how to set up CORS in socket.io for FF correctly?

Solution

Everything was OK with the CORS configuration in our socket.io app.

The problem was with SSL certificates: our configuration was missing the ca (intermediate certificate) option in the HTTPS server initialization. We fixed the issue with this code:

const fs = require('fs');

require('https').createServer({
  ca: fs.readFileSync(process.env.SSL_CA),         // this config was missing
  cert: fs.readFileSync(process.env.SSL_CERT),
  key: fs.readFileSync(process.env.SSL_KEY)
})

As the Node.js create Secure Context documentation says:

ca string | string[] | Buffer | Buffer[]. Optionally override the trusted CA certificates. Default is to trust the well-known CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are explicitly specified using this option. The value can be a string or Buffer, or an Array of strings and/or Buffers. Any string or Buffer can contain multiple PEM CAs concatenated together. The peer's certificate must be chainable to a CA trusted by the server for the connection to be authenticated. When using certificates that are not chainable to a well-known CA, the certificate's CA must be explicitly specified as a trusted or the connection will fail to authenticate. If the peer uses a certificate that doesn't match or chain to one of the default CAs, use the ca option to provide a CA certificate that the peer's certificate can match or chain to. For self-signed certificates, the certificate is its own CA, and must be provided. For PEM encoded certificates, supported types are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE".
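
A way to check whether a server presents its intermediate certificate, as an added example that is not part of the original answer: Node's TLS client does not download missing intermediates, so an incomplete chain shows up as a verification error and a chain that stops at the leaf. The names `describeChain` and `probe`, the file name, and the sample certificate objects are assumptions constructed for illustration.

```javascript
const tls = require('tls');

// Self-issued (root) certificate: subject and issuer names are identical.
const selfIssued = (c) => JSON.stringify(c.subject) === JSON.stringify(c.issuer);

// Walk the object from tlsSocket.getPeerCertificate(true) along issuerCertificate
// until a root, a loop, or a certificate whose issuer was not supplied.
function describeChain(leaf) {
  const chain = [];
  const seen = new Set();
  for (let c = leaf; c && c.subject && !seen.has(c.fingerprint256); c = c.issuerCertificate) {
    seen.add(c.fingerprint256);
    chain.push({ subject: c.subject.CN, issuer: c.issuer.CN, root: selfIssued(c) });
  }
  const last = chain[chain.length - 1];
  const complete = Boolean(last && last.root);
  return { chain, complete, missingIssuer: last && !complete ? last.issuer : null };
}

// Inspect what a server presents. Verification is not enforced so the chain can
// be read even when it fails to validate; no application data is sent.
function probe(host, port) {
  return new Promise((resolve, reject) => {
    const opts = { host, port, servername: host, rejectUnauthorized: false };
    const socket = tls.connect(opts, () => {
      const report = describeChain(socket.getPeerCertificate(true));
      report.authorized = socket.authorized;
      report.error = socket.authorizationError || null;
      socket.end();
      resolve(report);
    });
    socket.on('error', reject);
  });
}

// Constructed samples shaped like getPeerCertificate(true) output (not real certs).
const dn = (CN) => ({ CN });
const ROOT = { subject: dn('Example Root'), issuer: dn('Example Root'), fingerprint256: 'r' };
ROOT.issuerCertificate = ROOT; // a self-signed root may link back to itself
const INTER = { subject: dn('Example Intermediate'), issuer: dn('Example Root'), fingerprint256: 'i', issuerCertificate: ROOT };
const WITH_CA = { subject: dn('wax.lvh.me'), issuer: dn('Example Intermediate'), fingerprint256: 'l', issuerCertificate: INTER };
const WITHOUT_CA = { ...WITH_CA, issuerCertificate: undefined };

// Usage (hypothetical file name): node check-chain.js wax.lvh.me 3001
if (process.argv[2]) {
  probe(process.argv[2], Number(process.argv[3]) || 443).then(console.log, console.error);
} else {
  console.log(describeChain(WITH_CA), describeChain(WITHOUT_CA));
}
```

Against a live server, a report with `authorized: false`, an `error` such as `UNABLE_TO_VERIFY_LEAF_SIGNATURE` and a one-entry chain points at a missing intermediate rather than at CORS settings.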
