WebSocket on loopback : Cross zone connection not allowed error on MS Edge

Question

I have a script which uses websocket on loopback. Since website is served over the internet and websocket over intranet, I observe "SCRIPT12017: WebSocket Error: SECURITY_ERR, Cross zone connection not allowed" in Microsoft Edge. I observe similar problem in Internet explorer as well. IE and MS Edge categories URLs into different zones, each with unique privileges and hence does not allow cross zone connections.

Can I solve this by enabling CORS (Cross Origin Resource Sharing) or CORS works only for different origins from same zone. Or is there any other solution to this problem without altering any settings on the client device?

Answer 1

This may not answer your question, but useful for others.

Here are 2 changes that helped me fix the issue and establish a localhost WebSocket connection.

1. In the Control Panel - Internet Option, select the Security Tab. In the Security tab, select Local intranet zone. Click on Sites button and uncheck all checkboxes in Local intranet dialog. OR
2. In the Control Panel - Internet Option, select the Security Tab. In the Security tab, select Local intranet zone. Click on Sites button and then on Advanced button in the Local intranet dialog, add the required web address to the same zone as localhost.

Answer 2

When you instantiate socket.io in your browser js, use 127.0.0.1 instead of localhost.

const socket = io("http://127.0.0.1:3000");

instead of

const socket = io("http://localhost:3000");

Answer 3

you may find the answers here

Microsoft Edge does not allow localhost loopback for websockets

Or you may run this on your command prompt

CheckNetIsolation LoopbackExempt -a -n="Microsoft.MicrosoftEdge_8wekyb3d8bbwe"