Modulus and secure websockets

[Chad Kruse]

Trying to get my head around websockets and xhr. I've been noticing lengthy response times apparently due to websockets falling back to xhr when it can't connect...I'm trying to diagnose why.

Production app is being hosted on Modulus. SSL enabled.

The app has been running at 1.0.2.1 but was originally created during the ~0.65 days. As first order of business I upgraded the standard-app-packages to meteor-platform packages and restarted the server. No change.

Assuming my browser security policy is correct (see below), is there anything I need to do to explicitly force the app to use secure websockets? Unlike Heroku (as I understand), Modulus does not require any explicit commands to enable secure websockets.

Ideas? Relative newbie here so any thoughts or advice greatly appreciated.

BrowserPolicy.content.disallowConnect();
  //
  //Allow Meteor DDP Connections
  //
  var rootUrl = __meteor_runtime_config__.ROOT_URL;
  console.log('ROOT_URL: ' + rootUrl);
  //Allow DDP connections for local development
  if (rootUrl == 'http://localhost:3000/') {
    BrowserPolicy.content.allowConnectOrigin(rootUrl);
    BrowserPolicy.content.allowConnectOrigin(rootUrl);
  }
  //Allow DDP connections for staging server currently using Meteor's free hosting
  if (rootUrl == 'http://staging.example.com') {
    BrowserPolicy.content.allowConnectOrigin('https://*.meteor.com');
    BrowserPolicy.content.allowConnectOrigin('wss://*.meteor.com');
  }
  //Allow DDP connections for Modulus
  if (rootUrl == 'https://myappname-12345.onmodulus.net') {
    BrowserPolicy.content.allowConnectOrigin('https://example.com');
    BrowserPolicy.content.allowConnectOrigin('wss://example.com');
  }

[Chad Kruse]

Slight copy/paste error on my part. Not that it matters for this question, but in case it helps any future visitors, here's my (actual) localhost policy that handles DDP:

//Allow DDP connections for local development
  if (rootUrl == 'http://localhost:3000/') {
    BrowserPolicy.content.allowConnectOrigin(rootUrl);

    BrowserPolicy.content.allowConnectOrigin(rootUrl.replace(/http(s?)/, 'ws$1'));
  }

[Michael Macherey]

Hi Chad,

Short answer:

try to set origin to http

like so

BrowserPolicy.content.allowConnectOrigin('http://*.meteor.com');

and 

Long answer:

a view days ago i had my issius with websockets as well.

https://www.npmjs.com/package/ws

I tried to connect a websocket client with a websocket server.

"ws://..." works fine 

var WebSocket = require('ws');

var ws = new WebSocket('wss://echo.websocket.org/');

but "wss://..." don't.

As i added "protocolVersion" and "origin" at the second paramter as a object it works.

var WebSocket = require('ws'); var ws = new WebSocket('wss://echo.websocket.org/', { protocolVersion: 8, // i do not know until now if this is necessary? origin: 'http://websocket.org' });

I thought about it and i maybe figured it out why first the websocket request were rejected.

As i know the client send a request "ws://" to the server asking for switching protocol from http to websocket over "http".

The server if able to speak websocketprotocol than switch the protocol so client and server now connected via websockets.

If the client send a secure-websocket request "wss://" to the server the client tries it with "https://" but the server can't solve this and reject the request, but if you specifie the origin as "http://" he can and will establish a websocket connection.

I wish that will help you, and please give feedback if so.

If i am wrong with my thoughts i'm happy to be enlightnend and like to get a hint! ;-)