Websocket return 403 upon upgrade request ?

Question

Websocket return 403 upon upgrade request ?

AlwaysNoobCoder opened this issue 2 years ago · 4 comments

Hello, I am using vitejs which use this library.

I configed vite to proxy my websocket endpoint like below:

server: {
      host: "portal-local.itps.xxx.com",
      port: Number(env.VITE_APP_PORT),
      open: true,
      https: {
        key: fs.readFileSync(
          "/home/ggfan/2-work/git/itps/1A-IaaS-Manifests/kubernetes/1.27/ssl/certs/itps.xxx.com/privkey.pem"
        ),
        cert: fs.readFileSync(
          "/home/ggfan/2-work/git/itps/1A-IaaS-Manifests/kubernetes/1.27/ssl/certs/itps.xxx.com/fullchain.pem"
        ),
      },
      proxy: {
        ["/pus"]: {
          changeOrigin: true,
          target: "http://localhost:8080",
          // secure: false,
          rewrite: (path) => path.replace(/^\/pus/, ""),
          /*
          cookieDomainRewrite: {
            "itps.xxx.com": "localhost",
          },
          */
          configure: proxyConfig,
        },
        ["/ws"]: {
          changeOrigin: true,
          target: "http://localhost:8080",
          ws: true,
          secure: false,
          rewrite: (path) => path.replace(/^\/ws/, ""),
          configure: proxyConfig,
        },
      },
    }

but when connecting to it in browser:

SEAExportDialog.vue:104 WebSocket connection to 'wss://portal-local.itps.xxx.com:3000/ws/export/sea/users' failed:

using wireshark it shows that vite's proxy server returned 403:

GET /ws/export/sea/users HTTP/1.1
Host: portal-local.itps.xxx.com:3000
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://portal-local.itps.xxx.com:3000
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9
Cookie: _oauth2_proxy=X29hdXRoMl9wcm94eS00ZWU3OTM2NTIwYWYxNjBjNjZlNGQ4ODJkNTA0OGE4Yy5NM0FOUzVJRlBTV2JkN1g2Zlh6RWtB|1713431461|XkFGp00nkvsob926le3vxJ61wpGV44gtE1GeZcl4eEg=
Sec-WebSocket-Key: FLMsmXSIxrT0bV1TA8yd/Q==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Protocol: WebSocket

HTTP/1.1 403 
content-length: 0
date: Thu, 18 Apr 2024 09:24:37 GMT

I asked help in vitejs's repo, but get ignored.

I really hope can get some help here.

best regards.

Answer 1 · 2024-04-19T02:58:25.000Z

I fixed this by allow * orgins

Answer 2 · 2024-04-30T10:18:20.000Z

I fixed this by allow * orgins

@AlwaysNoobCoder Do you mean you configured your socket server to accept all origins?

I have a similar issue vitejs/vite#16557 where the changeOrigin setting does have any effect and the origin does not match the target host which is recommended in RFC 6455

Answer 3 · 2024-05-06T06:37:08.000Z

I fixed this by allow * orgins

@AlwaysNoobCoder Do you mean you configured your socket server to accept all origins?

I have a similar issue vitejs/vite#16557 where the changeOrigin setting does have any effect and the origin does not match the target host which is recommended in RFC 6455

Yes, I configured my socket server to accept all origins

Answer 4 · 2024-05-14T15:57:19.000Z

I think this was a regression. See #1669