I've created a Socket.IO server which pushes listing details to connected clients. Over HTTP in a browser, everything works as intended using web sockets, however one of the client types that will consume the service is strictly Flash (not socket fallback, just straight up Flash). We are using the AS3 Web Socket Client library.
When the Flash client (built by another team) tries to connect to the server, it's getting a security sandbox violation. I'm aware this has to do with the policy file serving from the Socket.IO server, but I'm at a loss as to exactly how to serve up this file. When I telnet 127.0.0.1 10843 or telnet 127.0.0.1 843 I get no response. If I recall, in past projects we've been able telnet to the policy file server to get the response. This would be ideal to help me verify that it's being served.
I understand that the default port is 10843, and have also tried setting to 843.
Here's what I have:
Push service running on localhost:3000
Browser clients can connect and join channels no problem
I have a crossdomain.xml file in root directory (not sure if this is needed or not)
I have the following settings pertaining to the policy file:
// Socket Setup
io.set('transports', ['websocket','flashsocket']);
io.set('flashPolicyServer', true);
io.set('flash policy port', 843);
An aside (maybe), with these settings I'm also getting an error on starting the service (though it still starts):
Option flashPolicyServer is not valid. Please refer to the README.
Option flash policy port is not valid. Please refer to the README.
I'm at a loss. Hopefully not a duplicate; I searched high and low and believe I'm missing something minor. Any recommendations?
It seems that Socket.IO developers decided to get rid of some transports, and thus since 1.0 there is no Flash transport support. This is a bit confusing because on the new docs there is simply no mentioning of Flash transport presence at all.
In Socket.IO 0.9 you could find WebSocketMain.swf and WebSocketMainInsecure.swf files somewhere inside socket.io folder. In 1.* there are no any files with .swf extension.
So if you need Flash support you should install Socket.IO 0.9 with this command:
npm install socket.io#0.9
According to the socket.io documentation, the flash policy server defaults to true when the flashsocket transport is enabled. This means that the flashPolicyServer (which should be flash policy server) option is unnecessary. Try setting the port before setting the transports as well... like this.
io.set('flash policy port', 843);
io.set('transports', [ 'websocket', 'flashsocket' ])
This ensures that when the flash socket server starts up, it starts with that port, rather than starting, getting killed and then restarted with the new port. Also, since 843 is a root port, make sure it has permission to use that port.
edit
It seems as though socket.io dropped support for flash outright. The docs on their github are for 0.9.0. Which is confusing. There is an alternative that might be useful although I have not tried it. FlashSocket.io should help facilitate your needs.
Related
I'm completely new to Node, and even newer to Socket.io. I just got my first chat application online at spaiglas.com, which works despite an error in the developer console that is fairly straightforward...
WebSocket connection to 'ws://example.com/...' failed
: Error during WebSocket handshake
: 'Connection' header is missing
Here is a codepen with all of my code. I've uploaded it to my hosting provider, which is using Passenger via cPanel on an Apache server in a Node 9.11.2 environment.
From what I've been reading, the 'Connection' headers can't be set using AJAX, which is supposedly a security risk, but instead is handled by the server? Is it possible to manually set this header?
I have noticed by looking at the headers that early on usually one of them always successfully switches/upgrades the protocol to WebSockets, but then the platform always seems to revert back to HTTPS/polling. In the case below, which I observed just now, there were actually 2 out of now 67 instances whereby it successfully switched to and used the WebSockets protocol.
You need to initialize socket.io before you start your HTTP server that is listening on port 80. In the docs it is...
var http = require('http').Server(app);
var io = require('socket.io')(http);
And then later, you call http.listen(3000, ...). This will start the socket.
On the client, your path is also incorrect. Websockets is a protocol (ws://somedomain.com), just like HTTP. When you connect via http:// that is a different protocol. I would either not pass it anything, or use namespaces which you can find in the socket.io documentation.
Socket.io reverts to long polling and sometimes doesn't even use websockets (which is partly why it is generally slower than libraries like ws on npm). Because of that, passing http:// into the io(...) on the client may not be wrong with their library, but I would remove it anyway and do my above suggestion.
We have a Nodejs server that communicates with the websocket protocol (WebRTC, socket.io).
During our development on Heroku, we did not encounter any particular problem.
However, we encountered problems during the deployment of our application on Azure:
The client / server communication is unstable, after analysis we noticed that there is a failure to communicate in websocket and that the transport protocol used is 'polling':
websocket.js:112 WebSocket connection to
'wss://hote.fr/socket.io/?EIO=3&transport=websocket&sid=EgjKLAtp89wrBKMzAAAG'
failed: Error during WebSocket handshake: Unexpected response code:
503
When you activate the "Websocket" function on the administration, the site becomes even more unstable and very long and communication is impossible. The problem of websocket communication is not solved with this function. Example
After having informed us we did disable the websockets in the web.config but without change.
Note that with the same code, everything works well under heroku and the protocol used is websocket.
Has anyone ever encountered this problem, and has a solution?
I'm sorry about my English.
Thank you in advance for your time.
You need do the following to make it work on Azure App Service.
Enable Web sockets via the Azure portal.
Disable the IIS WebSocket module to allow Node.js to provide its own
WebSocket implementation by add this to your web.config file:
<webSocket enabled="false" />
Tell Socket.IO to use WebSocket only instead of a few XHR requests by adding this to the Node.js server:
io.set('transports', ['websocket']);
And on the client add this:
var socket = io({transports: ['websocket']});
Try the suggestions outlined by Aaron to narrow the issue, I would like to highlight a few restrictions on the Azure Sandbox to help isolate the issue further:
1.In App Service, limits are enforced for the maximum number of outbound connections that can be made for each VM instance.
As mentioned in the document Cross-VM numerical limits:
“These limits apply only for customers of Basic or higher plans; in other words, customers running on their own dedicated VMs. These limits are there to protect the entire VM even though one particular site may be with its limits described above. The limits are different depending on the size of VM configured.”
This error also might occur if you try to access a local address from your application.
As mentioned in the document Local address requests:
“Connection attempts to local addresses (e.g. localhost, 127.0.0.1) and the machine's own IP will fail, except if another process in the same sandbox has created a listening socket on the destination port.
Rejected connection attempts, such as the following example which attempts to connect to 127.0.0.1:80, from .NET will result in the following exception:
Exception Details: System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions 127.0.0.1:80.”
3.For more information about outbound connections in your web app, see the blog post about outgoing connections to Azure websites.
After installing node.js, I followed this tutorial to start a simple chat server. It was very easy to setup and is working, but I have noticed two problems:
1.) I am getting this warning from socket.io
info - socket.io started
debug - served static /socket.io.js
debug - client authorized
info - handshake authorized 1385647068766475337
debug - setting request GET /socket.io/1/websocket/1385647068766475337
debug - set heartbeat interval for client 1385647068766475337
warn - websocket connection invalid
This doesn't make sense to me because I didn't touch anything with socket.io and I am using the latest chrome version (23) which I know supports websockets (I am able to successfully connect to them with PHP-Websockets). It continues to use XHR instead, but I am really interested in getting the Websocket functionality working.
2.) When I go to localhost:8080 to connect to the chat server, it takes around 7-8 seconds for it to prompt me for my name and actually connect me to the server. I have a feeling this may be because it is reverting to XHR, but I don't really know much about it so I can't say. Any thoughts?
I saw this behaviour when using an older version of socket.io with later chrome builds (and other browsers also). It would timeout then fallback to xhr polling. To check your version of the socket.io library you are using, at your shell (linux/unix) type:
npm ls| grep socket.io
And it should tell you the version. The latest at this time is 0.9.13, which works.
If you are running the tutorial from http://psitsmike.com note that the package.json file hardcodes an older version of socket.io which doesn't work with the latest browsers.
Hope this helps.
I too was facing similar issues.
Your case -
Try deleting your cookies, sometimes the xhr-polling option once connected successfully is saved to cookies and reused every next time. Similar question answered here
Also debug - served static /socket.io.js sometimes come when the socket.io file is referred incorrectly inside the html or jade template file. Try correcting the script src link in case it wrong. It should be something like - var socket = io.connect('http://localhost:3000'); OR you can also try removing the link all together like this - var socket = io.connect();
Hope it helps.
I had the exact same issue. this might be old. but My setup is on digitalocean. what happens is that usually people who run node apps on one server use nginx for the port listen and node under its own dedicated port. nginx did not forward the websocket port to the node, only port 80 which nodejs was not initialised to begin with.
http://nginx.org/en/docs/http/websocket.html
You need to make sure your nginx is configured properly for this.
I just added the port to the io.connect directly connecting to the node server and avoiding nginx.
I have tried something with node.js in windows vista/IIS 7 using iis node. My idea is to use a server script on the asp .net mvc application to connect to another socket server and serve requests on a persistent fashion.
I downloaded the iisnode version at https://github.com/tjanczuk/iisnode for IIS 7 and able to run the basic 'hello world' http server pipe using http handler mappings in web.config and IIS modules configuration.
I am trying to use socket.io library from node.js. This works independently if I write a server and client. But fails when used with IIS node.
I am having problems going down further. Problems like
How to include the npm modules in the asp .net mvc project? I tried
putting the node_modules in the folder of node scripts, but that did
not help. Basically the require('socket.io') command works, but the
socket connection etc., simply fails.
How to have a socket
connection from client which will keep listening for updates from
server(like COMET) - As I said I am trying to use socket.io
Any body tried this before?
Reading back a few months ago, WebSocket support is not supported with Socket.IO under IIS, however long polling is.
This was a few months ago, and I'm running up against the same issue now and trying to resolve.
As Tomasz writes:
Please note that iisnode does not support websocket transport, but
using socket.io is still possible with other HTTP-based transports
like HTTP long polling:
io.configure(function() {
io.set('transports', ['xhr-polling']);
});
By the looks of it, as of Feb 23, 2012, this functionality is still not supported.
Do you need to go through IIS? Do you have the option of going with a pure Socket.IO/Node option, eliminating IISNode? If you need full WebSocket support with fallback capability, this looks like the only option, unless there are other suggestions?
This may or may not be related to your problem. I haven't done much with socket.io, however I was planing to do something very similar to what you're describing. When reading through the source for iisnode, I found the following code in cnodehttpmodule.cpp:
this->applicationManager->GetEventProvider()->Log(L"iisnode received a new http request", WINEVENT_LEVEL_INFO);
// reject websocket connections since iisnode does not support them
// http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-17#page-17
PCSTR upgrade = pHttpContext->GetRequest()->GetHeader(HttpHeaderUpgrade, NULL);
ErrorIf(upgrade && 0 == strcmp("websocket", upgrade), ERROR_NOT_SUPPORTED);
It looks to me as though if "websocket" is included in the header of the request, it will be rejected. I would need to read up on the websocket protocol to better understand exactly what this means.
I'll be the first to admit that I don't know overly well how websockets differ from a long running request. As I understand it, however, socket.io will work on older browsers that do not support websockets.
I recommend you try to set the transport to just xhr-polling or jsonp-polling. It kinda defeats the cool factor of using node.js but it might help you reach a resolution to your problem.
If your socket.io web application is hosted in an IIS virtual directory, socket.io configuration must be modified compared to a self-hosted case. Please see http://tomasz.janczuk.org/2013/01/hosting-socketio-websocket-apps-in-iis.html for details.
Also, as of version 0.2.x, iisnode does support WebSockets on Windows 8 and Windows Server 2012 with IIS 8. Check out http://tomasz.janczuk.org/2012/11/how-to-use-websockets-with-nodejs-apps.html for details.
I'm wondering how I could secure my socket.io connection to the server from th following.
Security Issues:
What would stop malicious users from connecting to the socket server via client side code?
Example:
OUTSIDE DOMAIN REQUEST var socket = io.connect('http://Mydomain', {port: 4000});
Users can seemingly create thousands of concurrent connections just by opening a different browser window.
How can I prevent these issues?
You should be able to check serverside that the HTTP referrer is correct. Check the socket.io spec for info on both http referring as well as handshaking.
https://github.com/socketio/socket.io-protocol
Also 0.8 has referrer verification. Havent used it before, but this may be a place to start looking:
https://github.com/LearnBoost/socket.io/pull/481
Well, if your (real) clients are coming from a well know location, you'd probably want to to block everyone else at the firewall level. Assuming your service is available to everyone, you can probably look into client-server handshake mechanism.