Faye supports cross-domain subscription. Here is an excerpt from their docs:
Cross-domain operation
Faye clients and servers transparently support
cross-domain communication, so your client can connect
to a server on any domain you like without further configuration.
Anyone knows how it achieves it?
Faye uses JSONP to send a handshake request to the server when it's cross-domain, as the author of Faye explains in his reply here. It then selects a new transport from a list, in order of preference: WebSocket, EventSource, XHR, CORS and JSON-P. Note that WebSockets, once established, can also work cross-domain as previously discussed here.
Related
Is there a way to perform GET and POST requests using only socket.io-client? Regardless of the server framework.
Something like socket.emit('/endpoint', req).
You are confusing Websocket protocol with HTTP (another protocol). GET and POST are HTTP methods and have nothing to do with Websockets.
The only similarity between Websocket and HTTP is, that both are using TCP on the layer below.
We are using IIS and ISAPI DLL's to deliver our web application. We can see the websocket upgrade request coming from the browser in our ISAPI application. We could accept the request and pass the connection to a thread to continue the conversation. The thread would now be the "websocket server" so in this sense we are able to handle incoming http (and https on 443) then switch from http to websocket, is that right?
I am assuming Microsoft's implementation of websockets only works with asp.net?
Some people have said to me "put the websocket server on a different port and have the javascript connect to that port." But, then the websocket server is not using HTTPS (SSL).
For example:
var socket = new WebSocket('ws://echo.websocket.org');
I have lots of books and examples but this simple issue is eluding me.
The thread would now be the "websocket server" so in this sense we are able to handle incoming http (and https on 443) then switch from http to websocket, is that right?
Yes, if the client side send the request which contains the Upgrade: websocket, the websocket serve will switch from http to websocket.
I am assuming Microsoft's implementation of websockets only works with asp.net?
If you means the websocket .net library, it will just work with .net application like asp.net, it is developed based on the .net framework.
For example: var socket = new WebSocket('ws://echo.websocket.org');
As far as I know, the websocket also contains the secure connection like https.
Like below image shows:
More details about the difference between http and websocket, you could refer to below article:
https://developerinsider.co/difference-between-http-and-http-2-0-websocket/
I am trying to implement user authentication in an application that primarily uses WebSockets, but I am unsure how to begin.
I am using the Gorilla mux and websocket packages.
I have thought about using the method described here (files main.go and auth.go), but does this approach secure against authenticated users somehow hijacking each others sockets like described in this article?
Can someone suggest a good method or package(s) in Go?
Authenticate as you would for a plain HTTP request before upgrading the connection to the WebSocket protocol. Use whatever methods or packages you would use for plain HTTP requests.
A WebSocket connection can be hijacked to the extent that a plain HTTP connection can be hijacked. The WebSocket protocol does not introduce any new issues here.
Socket.io is a layer above WebSockets, long-polling and other techniques for sending events from the server to a browser client. Issues with Socket.io do not necessarily apply to direct use of a WebSocket.
As their faq states, socket.io supports cross-domain connections on every browser.
Could someone tell me, if cross-domain-communications then uses a particular transport mechanism like long-polling, or does it work with all supported mechanisms.
Annother thing is var socket = io.connect('http://localhost');. This is used the client to connect to the socket.io server. As this establishes a connection by WebSockets, longpolling, etc.. the above connect method itself uses a regular http request. Would not at least this request violate the same origin policy?
I just tested it in IE 8 and FireFox 14:
Cross-domain works for
jsonp
xhr-polling
Websocket
flashsocket
Cross-domain does not work for
htmlfile
htmlfile btw in general only works in IE, whereas websocket does not work in IE (< 10). flashsocket does not work in browsers that support websocket, which is why I tested that one in IE8 only.
I was looking into Faye and socket-IO, socket-IO degrades to websockets, flash sockets, JSONP and such, but what are all the supported transport methods faye supports? Does it support flashsockets? Also does it support Multi-channels?
protocols folder on github
Websocket, xhr, JSONP.
It also has CORS which seems to be something to do with Cross origin resource sharing
No sign of flash sockets so far.
Faye uses WebSocket, XMLHttpRequest, CORS and JSON-P in order of preference. Each client can subscribe to as many channels as you like.