java Websockets over HTTPS 403 Forbidden
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29677418/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Websockets over HTTPS 403 Forbidden
提问by Jake C.
I am currently trying to setup HTTPS in my spring boot 1.2 application. This application uses a lot of websockets to communicate between two servers. When it is running on simple HTTP everything works fine but when I switch it over to HTTPS I get a 403 Forbidden error on both Firefox and Chrome (Haven't tested it on IE.) I have a SimpleCORSFilter setup that accepts all connections so I don't think that is the problem. All of the RESTful requests over HTTPS to the same server work, its just websockets that seem to be blocked.
Here is my WebSocket Spring Configuration
我目前正在尝试在 Spring Boot 1.2 应用程序中设置 HTTPS。此应用程序使用大量 websockets 在两台服务器之间进行通信。当它在简单的 HTTP 上运行时,一切正常,但是当我将其切换到 HTTPS 时,我在 Firefox 和 Chrome 上都收到 403 Forbidden 错误(尚未在 IE 上对其进行测试。)我有一个接受所有连接的 SimpleCORSFilter 设置,所以我不要认为这是问题所在。所有通过 HTTPS 发送到同一个服务器的 RESTful 请求都可以工作,它只是似乎被阻止的 websockets。
这是我的 WebSocket Spring 配置
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends
AbstractWebSocketMessageBrokerConfigurer {
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {
config.enableSimpleBroker("/topic");
config.setApplicationDestinationPrefixes("/app");
}
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/simulation").withSockJS();
}
}
Here is my front end websocket connection
这是我的前端 websocket 连接
socket = new SockJS(https://my.url + '/simulation');
stompClient = Stomp.over(socket);
stompClient.debug = false;
stompClient.connect({}, function(frame) {
stompClient.subscribe('/topic/', function(status){
// Do something with result
});
});
EDIT: This is the error in the Chrome Console
编辑:这是 Chrome 控制台中的错误
GET https://localhost:8090/simulation/info 403 (Forbidden)
stomp.js:8 Whoops! Lost connection to undefined
EDIT 2: This error seems to be a side effect of upgrading recently from spring boot 1.1 to spring boot 1.2. I will update when I pinpoint which one of the dependencies is causing the error.
编辑 2:此错误似乎是最近从 spring boot 1.1 升级到 spring boot 1.2 的副作用。当我查明哪个依赖项导致错误时,我会更新。
回答by Harry Cho
Try this:
试试这个:
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/simulation").setAllowedOrigins("*").withSockJS();
}
Be advised that allowing origin to all sources could impose Cross-Site Request Forgery. Refer to https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)for ways to defend against it.
请注意,允许所有来源的来源可能会造成跨站点请求伪造。有关防御方法,请参阅https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)。
