Reputation: 4745
Firefox Websocket security issue
We have a websocket server on port 8080 setup on a Linode box. Chrome and Opera work just fine. Firefox however complains that the operation is insecure.
"The operation is insecure: Code 18"
If I try to create a new WebSocket object in the web console before the page is loaded everything is fine. However, after the page loads something is screwy then I cannot create the object anymore. See the attached screenshot.
I have no idea what operation is insecure or even how to go about diagnosing this.
Upvotes: 65
Views: 91082
Answers (6)
Reputation: 13162
Beside secure ssl context and cross-origin policies, assigning some port can trigger the error as well.
What are valid http ports for Firefox? I don't know precisely, but have to be between 1500 and 64000, or the console will display:
SecurityError: The operation is insecure.
And http links will say:
This address is restricted
This address uses a network port which is normally used for purposes other than Web browsing.
Firefox has canceled the request for your protection.
Upvotes: 0
Reputation: 11
Open "about:config" url in firefox. Search for allowInsecureFromHTTPS and set it to true
Upvotes: 1
Reputation: 631
Had the same problem and attempted to fix by changing network.websocket.allowInsecureFromHTTPS in about:config which did not work.
Ended up finding this post => Unhandled Rejection (SecurityError): The operation is insecure. On a fresh create-react-app project
Changing this in index.js ended up working for me
serviceWorker.register();
//serviceWorker.unregister();
Upvotes: 0
Reputation: 969
As you point out in another answer, https:// to ws:// is disallowed by default on firefox.
Going to firefox's about:config and toggling network.websocket.allowInsecureFromHTTPS will get rid of the SecurityError.
Upvotes: 94
Reputation: 4745
I fixed this. The app itself is under SSL but the websocket being accessed is not. Chrome and Opera don't care but Firefox does. According to:
https://bugzilla.mozilla.org/show_bug.cgi?id=303952
This is known and is not considered a bug. Mozilla's response: wontfix
Solution, put websocket server under SSL and use wss://
Upvotes: 68
Reputation: 609
This is a hunch based off limited info, and I probably should put this into a comment, but I don't have enough reputation points to do that yet.
Looking at your log, it seems as if 24 seconds are passing from the receipt of [object Websocket] (time 17:46:36.683) until you get The connection to ws://.....(time 17:47:00:952) error message.The long delay leads me to believe that the server could be timing out and closing the websocket connection. Look at this answer for a potential solution.
Upvotes: 0
Related Questions
- Secure WebSocket (wss://) doesn't work on Firefox
- Can not established Websocket secure connection on Firefox
- Websocket Security
- WebSockets authentication
- WebSockets in firefox
- Websockets and security
- Firefox 29.0.1 WebSocket problems
- Websockets issue
- Cross Domain Websocket connection causing a NS_ERROR_DOM_SECURITY_ERR
- Firefox WebSockets