I am currently trying to set up HTTPS in my Spring Boot 1.2 application. This application uses a lot of websockets to communicate between two servers. When it is running on simple HTTP everything works fine, but when I switch it over to HTTPS I get a 403 Forbidden error on both Firefox and Chrome (haven't tested it on IE). I have a SimpleCORSFilter set up that accepts all connections, so I don't think that is the problem. All of the RESTful requests over HTTPS to the same server work; it's just websockets that seem to be blocked.
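Here is my WebSocket Spring configuration:

    import org.springframework.context.annotation.Configuration;
    import org.springframework.messaging.simp.config.MessageBrokerRegistry;
    import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
    import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
    import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

    @Configuration
    @EnableWebSocketMessageBroker
    public class WebSocketConfig extends
            AbstractWebSocketMessageBrokerConfigurer {

        @Override
        public void configureMessageBroker(MessageBrokerRegistry config) {
            config.enableSimpleBroker("/topic");
            config.setApplicationDestinationPrefixes("/app");
        }

        @Override
        public void registerStompEndpoints(StompEndpointRegistry registry) {
            // SockJS endpoint; no allowed origins are configured here
            registry.addEndpoint("/simulation").withSockJS();
        }
    }
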
Here is my front end websocket connection:

    // The base URL must be a quoted string
    socket = new SockJS('https://my.url' + '/simulation');
    stompClient = Stomp.over(socket);
    stompClient.debug = false;
    stompClient.connect({}, function(frame) {
        stompClient.subscribe('/topic/', function(status){
            // Do something with result
        });
    });

EDIT: This is the error in the Chrome console:

    GET https://localhost:8090/simulation/info 403 (Forbidden)
    stomp.js:8 Whoops! Lost connection to undefined

EDIT 2: This error seems to be a side effect of upgrading recently from Spring Boot 1.1 to Spring Boot 1.2. I will update when I pinpoint which one of the dependencies is causing the error.
You can't use WebSockets over HTTPS, but you can use WebSockets over TLS (HTTPS is HTTP over TLS). Just use "wss://" in the URI.
The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it... If authentication credentials were provided in the request, the server considers them insufficient to grant access. The 403 response belongs to the 4xx range of HTTP responses: Client errors.
Try this:

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/simulation").setAllowedOrigins("*").withSockJS();
    }

Be advised that allowing origin to all sources could impose Cross-Site Request Forgery. Refer to https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) for ways to defend against it.
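
As an added example (not code from the question or the answers), the same endpoint can be registered with an explicit origin allowlist instead of "*", using the same setAllowedOrigins call. The property name app.websocket.allowed-origins and the validated helper are assumptions made for this sketch; the helper makes the application fail at startup if the list is empty or contains a wildcard or a non-HTTPS entry.

```java
import java.net.URI;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {

    // Hypothetical property, e.g. app.websocket.allowed-origins=https://my.url
    @Value("${app.websocket.allowed-origins}")
    private String[] allowedOrigins;

    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic");
        config.setApplicationDestinationPrefixes("/app");
    }

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/simulation")
                .setAllowedOrigins(validated(allowedOrigins))
                .withSockJS();
    }

    // Hypothetical helper: accept only bare https origins (scheme, host,
    // optional port) so that "*" or "https://my.url/" never reaches Spring.
    static String[] validated(String[] origins) {
        if (origins == null || origins.length == 0) {
            throw new IllegalStateException("no WebSocket origins configured");
        }
        String[] result = new String[origins.length];
        for (int i = 0; i < origins.length; i++) {
            String origin = origins[i].trim();
            URI uri = URI.create(origin);
            boolean bareHttpsOrigin = "https".equals(uri.getScheme())
                    && uri.getHost() != null
                    && (uri.getPath() == null || uri.getPath().isEmpty())
                    && uri.getQuery() == null;
            if (!bareHttpsOrigin) {
                throw new IllegalStateException("not an https origin: " + origin);
            }
            result[i] = origin;
        }
        return result;
    }
}
```

Each entry has to match the browser's Origin header exactly (scheme, host and any non-default port, with no trailing slash), which is why the helper rejects entries that carry a path.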