How to enable CORS for web sockets using ws library in node js?

Question

I am trying to create a web socket using the ws in node js. I have two questions:

I do have an idea that CORS is not available for web sockets but is there a way I can still enable them?
How I can extend the code to implement Client authentication ? Currently, I can use "wss" but I want to authenticate the client using the certificate.. How can I do that ?

Server.js Code

const { WebSocketServer } = require('ws');
const { createServer } = require('https');
const { readFileSync } = require('fs');

function startServer() {

 const server = createServer({
   cert: readFileSync('server_cert.pem'),
   key: readFileSync('server_key.pem'),
 });
const wss = new WebSocketServer({ noServer: true });

server.on('upgrade', (request, socket, head) => {
  authenticate(request, (err, client) => {
  if (err || !client) {
    socket.write('HTTP/1.1 401 Unauthorized

');
    socket.destroy();
    return;
  }

  wss.handleUpgrade(request, socket, head, (ws) => {
    wss.emit('connection', ws, request, client);
   });
  });
});
server.listen(7070);
}

Jaspreet Chhabra · Accepted Answer

I achieved CORS validation and Certificate based Client Authentication using the following Server side code:

const server = createServer({
  cert: readFileSync(config.certs.sslCertPath),
  key: readFileSync(config.certs.sslKeyPath),
  ca: [readFileSync(config.certs.caCertPath)],
  requestCert: true,
});
const wss = new WebSocketServer({ noServer: true });

server.on('upgrade', (request, socket, head) => {
  const origin = request && request.headers && request.headers.origin;
  const corsRegex = /^https?:\/\/(.*\.?)abc\.com(:\d+)?\/$/g
  if (origin && origin.match(corsRegex) != null) {
    wss.handleUpgrade(request, socket, head, (ws) => {
      wss.emit('connection', ws, request);
    });
  } else {
    socket.destroy();
  }
});

How to enable CORS for web sockets using ws library in node js?

Answers (1)

Related Questions