Refused to connect to ws, because it violates the document's Content Security Policy


#1

Hi,

Any idea how to deal with the follwing problem?

SecurityError: Failed to construct 'WebSocket': Refused to connect to 'ws://10.7.25.12:888/ws?
SESSION_SIGNATURE=04c03cea592ec8aa0fb837c2' because it violates the document's Content Security Policy.

The “wsServer” section of {{ubConfig.json}}:

"wsServer": {
    "host": "+",
    "port": "888",
    "path": "ws",
    "pingTimeout": 30
},

And “httpServer” is:

"httpServer": {
    "host": "+",
    "port": "888",
    "protocol": "http",
    "headersPostprocessors": ["#include(%UB_HOME%/defHeadersPostprocessors.json)"],
    "allowCORSFrom": "*",
    ...

?

ub -http register outputs the following:

Load server configuration...
Used config: D:\app-server\ubConfig.json
All paths inside config is relative to D:\app-server\
Operation success for URL: http://+:888/
Operation success for URL: ws://+:888/ws

#2

The source of the problem is in “+” in HTTP server URL config. To create a Content-Security-Policy rules server use a App.serverURL (click for source).
In case server configured to use all interfaces (+ in config), we decide App.serverURL="...localhost.."
But you try to load a page from http://10.7.25.12:888, and this violates a CSP.

Solution is to use the same host name as you type in browser to access a page (“10.7.25.12” in your case) for both wsServer.host && httpServer.host

Don’t forget to register new URLs in HTTP.SYS routing table

ub -http register

#3

Yes, it looks that it was it. After I specified the specific interface, the bug went away.
Thank you!