Documentation about CSP for websocket

[kyeshmz]

Hi, I am building a electron game that uses Ably Realtime. I need to add all the CSP headers for security reasons. It seems that it is hitting variations of wss://realtime.ably.io, such as a.ably.io , b., c., etc. Is there a list of CSP connect-src that I need to enable somewhere?

Related, but not the same https://faqs.ably.com/csp-rejection-to-internet-uptxt

┆Issue is synchronized with this Jira Task by Unito

[VeskeR]

Hi @kyeshmz !

For websocket connections library will attempt the next hosts by default: default is wss://realtime.ably.io, and fallback hosts in case of an error: wss://a.ably-realtime.com, wss://b.ably-realtime.com, wss://c.ably-realtime.com, wss://d.ably-realtime.com, wss://e.ably-realtime.com

For HTTP requests library will attempt the next hosts by default: default is https://rest.ably.io, and fallback hosts in case of an error: https://a.ably-realtime.com, https://b.ably-realtime.com, https://c.ably-realtime.com, https://d.ably-realtime.com, https://e.ably-realtime.com

And you should also add https://internet-up.ably-realtime.com for internet connection checks

[kyeshmz]

@VeskeR Hi, Thank you for the prompt reply! I think this is everything that I wanted to know! Hopefully documentation can be added about this somewhere.

[VeskeR]

Hey @kyeshmz ! Hope you're doing well! I forgot one more endpoint that is used by ably-js SDK: wss://ws-up.ably-realtime.com/ - used to check if websocket connectivity is available.

The official documentation for domains to whitelist is available here: https://faqs.ably.com/if-i-need-to-whitelist-ablys-servers-from-a-firewall-which-ports-ips-and/or-domains-should-i-add, with more in depth details too. We will think about adding a link or some mention of this to the ably-js repo README too.

[kyeshmz]

How do you differ from FAQ and documentation? Just seems like something that could be added in the docs website rather than for FAQ.