HTTPS does not work correctly when using socketCluster.connect(options);
Closed this issue · 3 comments
If you use .connect the way the documentation says you should, the protocol has no effect on what the system does. After inspecting the code I saw I had to add secure: true to the option object. But it should have deducted that from inspecting the protocol.
I wasn't able to reproduce this issue.
This is what my server.js looks like:
var SocketCluster = require('socketcluster').SocketCluster;
var socketCluster = new SocketCluster({
balancers: 1,
workers: 1,
stores: 1,
port: 8000,
appName: 'myapp',
workerController: __dirname + '/worker.js',
balancerController: __dirname + '/balancer.js',
storeController: __dirname + '/store.js',
addressSocketLimit: 0,
socketEventLimit: 100,
rebootWorkerOnCrash: true,
protocol: 'https',
protocolOptions: {
pfx: require('fs').readFileSync(__dirname + '/certificate.pfx'),
passphrase: ''
}
});On the client I have:
var options = {
protocol: location.protocol.replace(/:$/, ''),
hostname: location.hostname,
port: 8000,
autoReconnect: true
};
// Initiate the connection to the server
var socket = socketCluster.connect(options);When I go to https://localhost:8000/
It shows me a SSL warning page (as expected - since I'm using a self-signed cert), I click OK and then it appears to work fine.
I opened the network tab on the Chrome developer panel and the socket handshake was https:// and the WebSocket connection was wss:// which is correct.
I added a console.log(this.secure); inside socketcluster.js and it output true.
There must be a difference between our code which makes it not work for you.
The logic for setting the this.secure based on protocol is in engine.io so this could be an engine.io-client bug.
The port should be 443, and I am connecting to another domain too (CORS).
Ah yes, the example script on the socketcluster-client GitHub page only applies for same-domain connections. As you mentioned, you do have to use different settings if you want to do cross-domain requests. That's definitely something we should mention in the documentation - It is a common use case.