Can CORS be configured for Websocket?

Asked

Viewed 295 times

12

I have an application that needs to communicate via Websocket with two servers each on their own independent domain.

It is possible to configure CORS to allow this double and simultaneous communication ?

1 answer

7

Information about Websockets and the same origin policy is scarce (and conflicting), but everything indicates that they nay are subject to that policy, and therefore can be used to communicate with other domains.

According to the wikipedia, the protocol of Handshake of the Websockets requires that a header Origin next to the request, and the server must then decide whether or not to accept a connection to that source. It also seems that there are differences between trying a connection using the protocol http(s) or the protocol ws(s) - and the use of either has implications for application security (i.e. in the case of http at least authentication cookies are sent).

  • Thank you @mgibsonbr. Since I need this in a specific environment (two different Tomcat 7 servers) do you have any idea how I can test if it works, or how can I open two HTTP requests in the same section of the browser ? I have to wear iframes ?

  • 1

    I don’t have enough experience to say for sure, but wouldn’t it be a simple matter to create the web socket by passing the desired domain? On your page: var ws1 = new WebSocket("ws://www.example.com/socketserver"); var ws2 = new WebSocket("ws://www.example.net/socketserver");. I don’t know how it would be using protocol http instead of ws, but it should work the same. By the way, I forgot to mention in the answer, Origin who arrow is the browser, not the JS code.

  • 1

    When passing via HTTP(s) the server uses a Pushstream communication fallback that behaves similarly to the Ws protocol.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.