WebSocket connection fails on Chrome without SSL

Question

I'm setting up a WebSocket between a standard web page and a Tomcat v7.0.62 server. The connection works fine with Tomcat SSL turned on/off on Firefox, Edge and IE11. However, in Chrome (v66.03), the websocket only connects when I've turned on SSL on the server and connect via https. In Chrome, when I turn SSL off on the server and try to connect via http, it throws an error.

Here's the error Chrome throws when trying to connect via http with SSL turned off on Tomcat...

Error in connection establishment: net::ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION

Here's my WebSocket connection code on the client...

var wss = "wss://";
if (document.location.protocol === "http:") {
   wss = "ws://";
}
var wsURL = wss + document.location.host + "/status?sessionId=<%=session.getId()%>";

Is this something Chrome specific that needs special code on non-https websocket connections?

Answer 1

This is a Chrome specific behavior. Chrome doesn't allow unsecure websocket (ws) connections to localhost (only wss, so you should setup a TLS certificate for your local web/websocket server). But the same should work without any issues in Firefox and other browsers.

Please refer the Chrome bug report on Chromium regarding this issue. This particular problem is intentional, and they have made this change to make Chrome more secure by preventing attacks against internal network devices and processes listening on localhost.

https://bugs.chromium.org/p/chromium/issues/detail?id=378566

Answer 2

Error in connection establishment: net::ERR_PROXY_AUTH_REQUESTED_WITH_NO_CONNECTION

It seems you might have a proxy with authentication in the middle, between the clients and the service. Depending on the proxy and clients configuration, it might let through SSL connections, but plain http will get filtered.