search

vahidhedayati / grails-wschat-plugin

Grails websocket chat Plugin provides a multi-chat room add-on to an existing grails based site. provides: Private Messaging/WebRTC/Offline PM + room booking/reservations. Websocket TicTactoe. Add Live Chat to your Grails application
http://grails.org/plugin/wschat
Apache License 2.0
22 stars 10 forks source link

Secure Connection to Websocket required for WebRTC in Chrome 47 or newer #17

Closed dsgrafiniert closed 8 years ago

dsgrafiniert commented 8 years ago

As of Chrome 47, HTTPS is required for accessing getUserMedia. However, when starting Grails in https mode, the following error message appears, when accessing wsChat (3.0.12):

Mixed Content: The page at 'https://..../wsChat/authChat' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://.../WsChatEndpoint/wschat'. This request has been blocked; this endpoint must be available over WSS.(anonymous function) @ authChat:633 authChat:633 Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.

I would recommend a configuration flag to enable connections through WSS or even better: recognize, if grails started in https or in http mode and configure the protocol of the WebSocket automatically.

Thank you in advance.

vahidhedayati commented 8 years ago

it has been in my to do list i.e. allowing definition of protocol to override defined ws:// url in the bean so it can be wss://.

I will look into it at some point soon thanks.

vahidhedayati commented 8 years ago

wss:// connections are now possible. Please try 3.0.13 release of wschat plugin. Just released now. It may a moment before its available fully publicly.

Please refer to https://github.com/vahidhedayati/testwschat3wss as a sample site using wss.

It explains new configuration items required that needs to be added to application.groovy as well as other links around ssl. Personally I could not get ssl working under grails dev mode and the use of tomcat keytool to generate ~/.keystore file.

The files all got generated fine and I even added it to the JRE/lib/cacerts file all ok. I just think it may be case of mis configuration for a start all the fields in my ssl sample were blank. I know it has to be bound to a domain etc. Probably best for a proper certificate test.

vahidhedayati commented 8 years ago

I haven't heard back from you wss has been rolled out and there are notes under the main README.md for what to do for apps 3.0.9 +. If this is still an issue let please re-open