Web Socket issue when running through reverse proxy

[marisks]

In our project, we are using a reverse proxy so that we can use domain names for our sites in development. The connection between the reverse proxy and ASP.NET sites is insecure, but the connection between a client (browser) and the proxy is secure.

Reverse proxy sets X-Forwarded-For and X-Forwarded-Proto headers so that the app should know the scheme of the request. ASP.NET app also is configured to use these headers:

app.UseForwardedHeaders(new()
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

Live Reload does not take it into account and we get this error:

We are using version 0.3.6

[RickStrahl]

Not sure how this needs to get resolved.

I'm assuming we're talking about the decision on how the socket gets created either as a secure or unsecure socket which currently is based on the current host request. So if the current request is secure the socket request is also made securely and that's determined on the client (which may not have access to the headers).

I guess I'm not sure what should happen here exactly. Can you take me through this? It seems to me whatever the client page is running, that's what the socket should use. It's not actually possible to call a non-secure socket from a secure page or vice versa as far as I know - it has to stay in the same security scope.

[marisks]

Sorry, my fault. The issue was that I have called UseLiveReload before UseForwardedHeaders. Once I changed the order, everything started to work.