
Websockets over HTTPS 403 Forbidden

I am currently trying to set up HTTPS in my spring boot 1.2 application. This application uses a lot of websockets to communicate between two servers. When it is running on simple HTTP everything works fine, but when I switch it over to HTTPS I get a 403 Forbidden error on both Firefox and Chrome (haven't tested it on IE). I have a SimpleCORSFilter set up that accepts all connections, so I don't think that is the problem. All of the RESTful requests over HTTPS to the same server work; it's just websockets that seem to be blocked.
Here is my WebSocket Spring Configuration

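import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic");
        config.setApplicationDestinationPrefixes("/app");
    }

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        // No allowed origins are configured on the endpoint here
        registry.addEndpoint("/simulation").withSockJS();
    }
}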

Here is my front end websocket connection

socket = new SockJS('https://my.url' + '/simulation');
stompClient = Stomp.over(socket);
stompClient.debug = false;
stompClient.connect({}, function(frame) {
    stompClient.subscribe('/topic/', function(status) {
        // Do something with result
    });
});

EDIT: This is the error in the Chrome Console

GET https://localhost:8090/simulation/info 403 (Forbidden)
stomp.js:8 Whoops! Lost connection to undefined

EDIT 2: This error seems to be a side effect of upgrading recently from spring boot 1.1 to spring boot 1.2. I will update when I pinpoint which one of the dependencies is causing the error.

Jake C. asked Apr 16 '15 14:04


People also ask

Are WebSockets over https?

You can't use WebSockets over HTTPS, but you can use WebSockets over TLS (HTTPS is HTTP over TLS). Just use "wss://" in the URI.

Why do I get HTTP 403 forbidden?

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it... If authentication credentials were provided in the request, the server considers them insufficient to grant access. The 403 response belongs to the 4xx range of HTTP responses: Client errors.


1 Answer

Try this:

@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
    registry.addEndpoint("/simulation").setAllowedOrigins("*").withSockJS();
}

Be advised that allowing origin to all sources could impose Cross-Site Request Forgery. Refer to https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) for ways to defend against it.

Harry Cho answered Oct 06 '22 08:10
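An added example, not part of the answer above and not code from the asker's project: the same endpoint registration with an explicit origin allow-list in place of "*", which addresses the cross-site concern the answer raises by letting only named front ends complete the SockJS/WebSocket handshake. The property name app.websocket.allowed-origins and the sample origin in the comment are assumptions.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
    // Assumed property, comma-separated, e.g. https://frontend.example.com
    @Value("${app.websocket.allowed-origins}")
    private String[] configuredOrigins;

    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic");
        config.setApplicationDestinationPrefixes("/app");
    }

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/simulation")
                .setAllowedOrigins(validated(configuredOrigins))
                .withSockJS();
    }

    // Fail at startup on "*" or on anything that is not a bare https origin
    // (scheme://host[:port], no path, query, fragment or user info).
    static String[] validated(String[] origins) {
        List<String> ok = new ArrayList<String>();
        for (String raw : origins) {
            String origin = raw.trim();
            URI uri = URI.create(origin);
            boolean bare = (uri.getPath() == null || uri.getPath().isEmpty())
                    && uri.getQuery() == null && uri.getFragment() == null && uri.getUserInfo() == null;
            if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null || !bare) {
                throw new IllegalArgumentException("Not an https origin: " + origin);
            }
            ok.add(origin);
        }
        if (ok.isEmpty()) throw new IllegalArgumentException("No allowed origins configured");
        return ok.toArray(new String[0]);
    }
}
```

Each configured value must match the browser's Origin header exactly, so write it without a trailing slash and include the port when it is not 443.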