candy-chat / candy

JavaScript-based multi-user chat client for XMPP.
http://candy-chat.github.io/candy
MIT License
1.33k stars 370 forks source link

Prosody fails to login with Prosody 0.10 both BOSH and Websocket #476

Open stevenroose opened 8 years ago

stevenroose commented 8 years ago

I have both BOSH and Websockets setup for my domain (I cannot test them however, but Kaiwa used to work in the past).

This is what happens:

These are the Prosody logs during the login attempts: https://gist.github.com/stevenroose/b278c00bc9a1ce9ba57fe75b54f06079

richardjs commented 8 years ago

I encountered this issue using Prosody 0.9.10. It also appears to be described in issue #439. I was able to fix it by setting consider_bosh_secure = true; in the global configuration--I'm proxying to bosh on the local server, so there's no security issue.

I also was able to fix it by changing c2s_require_encryption = false;, but that's obviously not ideal if you wanted it set to true in the first place.

According to the other thread, you can also use bosh over HTTPS to fix the issue, but I didn't try it myself.

Zash commented 7 years ago

With Candy debugging enabled, I see the following:

[Strophe][INFO]: Websocket open
SENT: <stream:stream to='localhost' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>

That's not how you open an XMPP-in-WebSocket stream according to RFC7395. It changed in draft-ietf-xmpp-websocket-01 to sending a self-closing <open /> element, due to concerns about lack of streaming XML parsers in browser.

Thus, this is a strophe issue.

Zash commented 7 years ago

Looks like this should be fixed by updating Strophe.js to 1.2.0 or later.