您可能认为这个问题可以标记为重复,但是我到处搜索并且没有找到想要的内容。
我正在开发一个离子反应应用程序,并使用nodejs服务器作为后端。我正在通过Websocket将客户端连接到服务器。我在客户端使用socketIO-client library,在服务器端使用https内置模块和快速框架。
当我使用 http 或 ws 连接时,一切正常。现在,我的应用已准备好投入生产,由于我想使用websocket,因此我要切换为https或wss。我是第一次这样做,这让我很困惑。
这是我的客户代码(由于我读到如果打算使用https / ssl,则应该这样做,所以我将安全性更改为true):
import socketIOClient from 'socket.io-client';
const socket = socketIOClient("wss://localhost:8000", { secure: true });
这是我的服务器代码:
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
var ws = require('ws').Server;
// This line is from the Node.js HTTPS documentation.
var options = {
key: fs.readFileSync('key.pem').toString(),
cert: fs.readFileSync('cert.pem').toString(),
};
var app = express();
var httpsServer = https.createServer(options, app);
var wss = new ws({
server: httpsServer
});
wss.on("connection", (socket) => {
console.log("client connected");
socket.on("message", (msg) => {
console.log("received: ", msg);
});
socket.on("disconnection", () => {
console.log("client disconnected");
})
});
httpsServer.listen(8000, () => {
console.log("server running on 8000");
})
我按照this example生成了ssl证书。 当我使用http时,我的代码运行正常,但是尽管我添加了ssl证书,但使用https / wss时却突然出现错误。
有趣的是,我在chrome中得到的错误与firefox中的错误不同。这是我在Chrome中遇到的错误(它甚至看起来像两个独立的错误):
Access to XMLHttpRequest at 'https://localhost:8000/socket.io/?EIO=3&transport=polling&t=NFuRgsF' from origin 'http://localhost:8100' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
polling-xhr.js:268
GET https://localhost:8000/socket.io/?EIO=3&transport=polling&t=NFuRgsF net::ERR_FAILED
这是我在Firefox中遇到的错误:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:8000/socket.io/?EIO=3&transport=polling&t=NFuR-Im. (Reason: CORS request did not succeed).
我尝试并禁用了所有的Borwser插件(例如adblock),但没有成功。我进一步尝试设置标头并配置cors(我在网上读到有关cors错误时发现了此信息):
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
//res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
但是,添加此代码并没有什么改变,并且错误仍然出现。我不知道该怎么办。也许这是一个愚蠢的问题,但是我是否还需要以某种方式在客户端提供证书?这是客户端还是服务器端的问题?