Josh Wilson Josh Wilson - 1 month ago 28
Javascript Question

Chrome Websockets CORS policy

I'm having trouble opening a websocket in Chrome. It seems that there is some CORS policy in chrome for websockets.

If I am on www.example.com and attempt to open the websocket at api.example.com it'll say pending on the console network tab, and will fire the onerror with a message

WebSocket connection to 'wss://api.example.com' failed: Connection closed before receiving a handshake response
. If I look at the server I do not see a request for a web socket connection being made, so there is no options request to respond to, or Ability to set an Access-Control-Allow-Origin header.
However if I first make a request to api.example.com which on the browser will redirect me back to www.example.com it'll work fine.

Are you required to use the same origin for websocket requests in chrome?

Note: this issue is only with chrome.

Answer

I came across this issue again. I still haven't figured out why, but making an options (or any other) request to the subdomain first allows the connection to be opened.

This only seems to be a problem with wss connections, and has popped up across multiple domains and certs.

Comments