我在 FF 中遇到了一个奇怪的问题,它在 Chrome 中没有重现:使用 SSL 连接时,到另一个来源的 websocket 连接不起作用。
我的 Rails 应用程序在 https://wax.lvh.me:3000
上运行,而 socket.io node JS 应用程序在 https://wax.lvh.me 上运行: 3001
。当我尝试从 FF 中的 Rails 应用程序连接到套接字时,我在浏览器的开发控制台中看到以下警告:
当我打开“网络”选项卡时,我看到以下响应 header - 请注意响应中没有访问控制 header :
将来源设置为 '*:*'
from this answer
io = require('socket.io').listen(server)
io.set('origins', '*:*');
将起源设置为来自 this answer 的函数
io.origins (origin, callback) =>
if origin.match(/lvh\.me/)
return callback(null, true)
callback('Origin not allowed', false)
但到目前为止没有任何帮助我解决这个问题
请注意,访问控制 header 已在 Chrome 中正确设置:
我使用以下浏览器和工具版本:
- Firefox - 63.0.3(64 位)
- Google Chrome - 版本 73.0.3683.39(正式版)测试版(64 位)
- Socket.io - 2.2.0
您知道如何在 FF 的 socket.io 中正确设置 CORS 吗?
最佳答案
我们的 socket.io 应用程序中的 CORS 配置一切正常
问题出在 SSL 证书上:我们的配置在 HTTPS 服务器初始化中缺少 ca
(中间证书)选项。我们解决了此代码的问题:
require('https').createServer({
ca: fs.readFileSync(process.env.SSL_CA), // this config was missing
cert: fs.readFileSync(process.env.SSL_CERT),
key: fs.readFileSync(process.env.SSL_KEY)
})
作为nodeJS create Secure Context documentation说:
ca
string
|string[]
|Buffer
|Buffer[]
. Optionally override the trusted CA certificates. Default is to trust the well-known CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are explicitly specified using this option. The value can be a string or Buffer, or an Array of strings and/or Buffers. Any string or Buffer can contain multiple PEM CAs concatenated together. The peer's certificate must be chainable to a CA trusted by the server for the connection to be authenticated. When using certificates that are not chainable to a well-known CA, the certificate's CA must be explicitly specified as a trusted or the connection will fail to authenticate. If the peer uses a certificate that doesn't match or chain to one of the default CAs, use the ca option to provide a CA certificate that the peer's certificate can match or chain to. For self-signed certificates, the certificate is its own CA, and must be provided. For PEM encoded certificates, supported types are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE".
关于ssl - Socket.IO:跨域请求被阻止:同源策略不允许读取远程资源,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54754146/