[sockjs-client][Opera] Security Violation?

[ming....@accedo.tv]

Hi,

I am a newbie in sockjs-client / sockjs-node. While I tried official echo example on Opera 11.61, got following error on dragonfly console:

Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.61 (Core 2.10.229)

Use the clear() command to clear the console.

Type "// help()" for more information

Uncaught exception: ReferenceError: Security violation

Error thrown at line 27, column 20091 in <anonymous function: r.prototype._start>(a, d, e) in http://cdn.sockjs.org/sockjs-0.2.min.js:

    "withCredentials"in f.xhr&&(f.xhr.withCredentials="true"),f.xhr.onreadystatechange=function(){if(f.xhr){var a=f.xhr;switch(a.readyState){case 3:try{var b=a.status,c=a.responseText;f.emit("chunk",b,c)}catch(a){}break;case 4:f.emit("finish",a.status,a.responseText),f._cleanup(!1)}}},f.xhr.send(e)

called from line 27, column 19627 in <anonymous function: c.XHRObject>() in http://cdn.sockjs.org/sockjs-0.2.min.js:

    e._start(a,b,d)>>>

Opera Version information

Version: 11.61 

Build: 1250 

Platform: Win32 

System: Windows 7 

XHTML+Voice: Plug-in not loaded

Just wonder what the cause might be and how to fix it. The version of sockjs-client and sockjs-node is the latest version (I just npm install today). Thanks a lot.

[Marek Majkowski]

Hi,

Opera definetely should work. The problem is most likely related to cross
domain / iframe connectivity.

What is your domain configuration? Are you serving main site
from like localhost:8080 and sockjs from localhost:8081?
(It's not that this setup is required, but I try understand
to be able to reproduce it)

Can you check if the officially deployed examples work for you?
http://sockjs.cloudfoundry.com/example-cursors.html
http://sockjs.popcnt.org/example-cursors.html

Cheers,
Marek

[Vladimir Dronnikov]

>>     "withCredentials" in f.xhr

i believe we get error here ^^^
please, try f.xhr.withCredentials != undefined instead.

--dvv

[Ming-Chin Hsieh]

Hi Marek,

I tried the officially deployed examples as you provides. Following protocols work on Opera:

iframe-eventsource

iframe-htmlfile

iframe-xhr-polling

I also tried to run the echo server example using non-minified version of sockjs-0.2.js, the error message shows:

Uncaught exception: ReferenceError: Security violation

Error thrown at line 667, column 4 in <anonymous function: XHRObject.prototype._start>(method, url, payload) in http://localhost/sjs/sockjs-0.2.js:

    that.xhr.send(payload);

called from line 615, column 43 in <anonymous function: utils.XHRObject>() in http://localhost/sjs/sockjs-0.2.js:

    that._start(method, url, payload);>>>

The index.html I deployed to port 80 and sockjs listen to port 9999. Same machine (127.0.0.1).

Thanks.

[Ming-Chin Hsieh]

@dvv: I tried your suggestion. but it does not work.

[Marek Majkowski]

On Wed, Feb 29, 2012 at 07:57, Ming-Chin Hsieh <ming....@accedo.tv> wrote:
> Hi Marek,
>
> I tried the officially deployed examples as you provides. Following
> protocols work on Opera:
>
> iframe-eventsource
> iframe-htmlfile
> iframe-xhr-polling

That's good. As written in:
https://github.com/sockjs/sockjs-client
The most important protocols for opera are iframe-eventsource and
iframe-xhr-polling.
Additionally jsonp-polling should work.

> I also tried to run the echo server example using non-minified version of
> sockjs-0.2.js, the error message shows:
>
> Uncaught exception: ReferenceError: Security violation
>
> Error thrown at line 667, column 4 in <anonymous function:
> XHRObject.prototype._start>(method, url, payload) in
> http://localhost/sjs/sockjs-0.2.js:
>     that.xhr.send(payload);
> called from line 615, column 43 in <anonymous function: utils.XHRObject>()
> in http://localhost/sjs/sockjs-0.2.js:
>     that._start(method, url, payload);>>>
>
> The index.html I deployed to port 80 and sockjs listen to port 9999. Same
> machine (127.0.0.1).

Right. Can you please run sockjs-client and sockjs-node (as described
in the readme).

That should start a sockjs-client test server on port 8080 exactly and serve
the same stuff as http://sockjs.popcnt.org/.
Can you run the cursors test and tell me which transport (out of
iframe-eventsource,
iframe-htmlfile, iframe-xhr-polling and jsonp-polling) doesn't work for opera?

I'll try to reproduce that in the mean time,

Cheers,
Marek

[Marek Majkowski]

Ming,

Thanks for your report. The bug is caused by the code that checks if
domains are same origin:
https://github.com/sockjs/sockjs-client/blob/0be70ef6323790c13f73d0bca25dc2b3407c2739/lib/utils.js#L26-31

Which is clearly wrong. From it's perspective 'http://localhost' and
'http://localhost:9999' are the same.
That's why Opera complains.

I filed a bug: https://github.com/sockjs/sockjs-client/issues/50 , it
will be fixed in the next release.

As a temporary workaround, please use different domains for serving
your index.html
and sockjs. (ie: 127.0.0.1 and localhost), or use port numbers without shared
prefix (127.0.0.1:8080 and 127.0.0.1:9999 will do, while 127.0.0.1:99
and 127.0.0.1:9999 are not good).

Thanks again for reporting this issue.

Cheers,
Marek

On Wed, Feb 29, 2012 at 07:57, Ming-Chin Hsieh <ming....@accedo.tv> wrote:

[Roey Berman]

Marek,

I really like your approach.

You don't allow a single bug in the library.

Keep up the outstanding work!

Roey

[Ming-Chin Hsieh]

Verified it solved. Thanks Marek.