Html 未捕获的安全错误:无法构建“WebSocket”:可能无法从通过 HTTPS 加载的页面启动不安全的 WebSocket 连接
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28625351/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS
提问by Tiny
I am using GlassFish Server 4.1/Java EE 7. In my web.xml file, I mentioned the following security constraints.
我使用的是 GlassFish Server 4.1/Java EE 7。在我的 web.xml 文件中,我提到了以下安全限制。
<security-constraint>
<display-name>UserConstraint</display-name>
<web-resource-collection>
<web-resource-name>Provide a Name</web-resource-name>
<description/>
<url-pattern>/admin_side/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>ROLE_ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
And the same for other authorities.
其他当局也是如此。
Since transport-guaranteeis set to CONFIDENTIAL, web pages that match the specified URL pattern /admin_side/*run over a secure channel (HTTPS).
由于transport-guarantee设置为CONFIDENTIAL,匹配指定 URL 模式的网页/admin_side/*通过安全通道 ( HTTPS) 运行。
While using WebSockets as follows (JavaScript),
在使用 WebSockets 如下(JavaScript)时,
var ws = new WebSocket("ws://localhost:8181/Context/Push");
it fails to establish an initial handshake. The browser shows the following warning on the browser console.
它无法建立初始握手。浏览器在浏览器控制台上显示以下警告。
[blocked] The page at 'https://localhost:8181/Context/admin_side/Category' was loaded over HTTPS, but ran insecure content from 'ws://localhost:8080/Context/Push': this content should also be loaded over HTTPS.
Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
When the <user-data-constraint>section from web.xml is removed in its entirely, web pages run on HTTP. After that, changing,
当<user-data-constraint>web.xml 中的部分被完全删除时,网页会在HTTP. 在那之后,改变,
var ws = new WebSocket("ws://localhost:8181/Context/Push");
to
到
var ws = new WebSocket("ws://localhost:8080/Context/Push");
works fine.
工作正常。
What might be done to make WebSockets work over a secure channel?
可以做些什么来使 WebSockets 在安全通道上工作?
回答by vtortola
Try with wss://, that indicates you want a secure websocket connection. The browser will prevent you from creating unsecure connections from secure pages, because it understands that since you requested the page with https://, there is a transport security requirement.
尝试使用wss://,这表示您需要安全的 websocket 连接。浏览器将阻止您从安全页面创建不安全的连接,因为它知道由于您使用 请求页面https://,因此存在传输安全要求。
If you have your WebSocket server running with yout Web server, it will probably use the same security certificate and you do not need to do anything. If it does not work, please check your WebSocket server documentation about how to add certificates and enabling wss://.
如果您的 WebSocket 服务器与您的 Web 服务器一起运行,它可能会使用相同的安全证书,您无需执行任何操作。如果它不起作用,请检查您的 WebSocket 服务器文档,了解如何添加证书和启用wss://.
