sockjs script file blocked over https connection

[Udaya Karthick]

I was installing SSL certificates to my and i noticed all  my request to vertx services has been blocked because it wont load insecure content over HTTPS. The client side code generated with 

"sockjs-0.3.4.min.js" but it is loaded over http. How do i change this URL to https? i tried downloading sockjs-0.3.4.min.js and put it into assests folder(Using EmberJS here) but still it won't work?

Mixed Content: The page at 'https://myproject.com/main/' was loaded over HTTPS, but requested an insecure script 'http://cdn.sockjs.org/sockjs-0.3.4.min.js'. This request has data/user/history/iframe.html#g3b5hwyw been blocked; the content must be served over HTTPS. 

Needed help on this?

[Udaya Karthick]

Any updates on this? Using it on production environment..any help would be appreciated..thanks

[Julien Viet]

Hi,

you don’t include the rest of the discussion

so the context is lost, can you provide it again to help the discussion going forward ?

> On Jul 12, 2016, at 5:44 PM, Udaya Karthick <karthic...@gmail.com> wrote:
>
> Any updates on this? Using it on production environment..any help would be appreciated..thanks
>

> --
> You received this message because you are subscribed to the Google Groups "vert.x" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
> Visit this group at https://groups.google.com/group/vertx.
> To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/c30adc7b-8622-40e7-a626-6966a93cfa5f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Udaya Karthick]

I scanned all sockjs-client(iframe.js,iframe-bootstrap, etc.,) folder inside /vertx3-eventbus-client but I couldn't find origin of this sockjs script file where it is loaded?

[Paulo Lopes]

I don't understand why but I've already answered this question twice and it keeps getting deleted.

You are using the wrong CDN you should be using:

https://cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js

Which has a valid SSL certificate **OR** download that script and serve it from your server so there is no more mixed content and CORS issues.

[Udaya Karthick]

Yes Paulo, I noticed the messages keeps getting deleted too. 

And now . the problem is this cdn is generated by sockjs at runtime (Exactly when vertx-eventbus-client tries to connect to vertx sockjs server). I trying to get where  this iframe url is getting generated(but the js file called iframe.js under sockjs-client's node_module folder is responsible to generate the iframe but couldn't find the origin of url).

I have raised this as issue on sockjs-client github page too.

https://github.com/sockjs/sockjs-client/issues/318

[Paulo Lopes]

Now that I've seen your bug report i understand the problem :)

The issue is not related to socks, it is a config from vert.x:

https://github.com/vert-x3/vertx-web/blob/master/vertx-web/src/main/java/io/vertx/ext/web/handler/sockjs/SockJSHandlerOptions.java#L43

The default CDN is wrong and we should fix it. For now you can solve it by setting the "libraryURL" property with the correct CDN using this factory method:

https://github.com/vert-x3/vertx-web/blob/master/vertx-web/src/main/java/io/vertx/ext/web/handler/sockjs/SockJSHandler.java#L56

[creativedotit]

Maybe the source should be fixed using protocolRelativeURIs http://www.paulirish.com/2010/the-protocol-relative-url/ ;) 

[Udaya Karthick]

Thanks Paulo, That solved the the Mixed content error. But It is throwing a different error. PFB

Uncaught SecurityError: Blocked a frame with origin "https://myproject.com" from accessing a frame with origin "https://myproject.com". The frame requesting access set "document.domain" to "myproject.com", but the frame being accessed did not. Both must set "document.domain" to the same value to allow access.          
                     VM529 htmlfile?c=_jp.axgqdx4:10(anonymous function) 
Uncaught TypeError: Cannot read property 'message' of undefined

                                VM529 htmlfile?c=_jp.axgqdx4:10(anonymous function) 

Uncaught TypeError: Cannot read property 'message' of undefined
WebSocket connection to 'wss://myproject.com/data/user/history/229/pop0e1qq/websocket' failed: Error during WebSocket handshake: Unexpected response code: 408

VM529 htmlfile?c=_jp.axgqdx4 - Generated code

    document.domain = document.domain;
    var c = parent._jp.axgqdx4;
    c.start();
    function p(d) {c.message(d);};
    window.onload = function() {c.stop();};

Any Idea where it goes wrong?

[Paulo Lopes]

Does your main html include the same libraryURL as your vert.x config?

Do they both show:

https://cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js

or:

//cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js

[Udaya Karthick]

My Web-UI is EmberJS. and it doesn't include sockJS(atleast externally) . its just vertx3-eventbus-client  --> vertx sockjs server

[Paulo Lopes]

Ok in that case (i'm no emberjs expert) but if you're using the npm module you're probably already serving it from your host, you should use the same url for the sockjs config too.

[Udaya Karthick]

Where exactly on the client i need to do the change? 

[Paulo Lopes]

if you're importing the module from npm you're probably serving it too right? then you should use the same path on the config like:

//yourserver.com/the_same_path_to/where/your/npm/stuff/is

[Udaya Karthick]

Ok Will give it a try. Thank Paulo