I have been trying to setup a server where users can send sign in using websockets, but I don't want to do this using ws. I want to be able turn on wss without having https. Sadly, there aren't any options to do this. And so the question is how would one do this on the client side without using https protocol.
Is it possible to force socket.io to use wss instead of ws, without having to change to https?
29k views Asked by Kitanga Nday At
2
There are 2 answers
2
Brilliand
On
Yes, this is possible. To do this, pass your websocket URL to the socket.io client directly, like this:
var socket = io('wss://example.com/');
Note that the reverse is not possible: while there's nothing to prevent HTTP pages from creating WSS connections, most browsers today block any WS connection from an HTTPS page to enforce the heightened security.
I would also caution that a websocket opened over WSS is still no more secure than the page it originated from. If you're using WSS for its security benefits, be advised that all that security could be for naught if an attacker overrides your page at the time that it's loaded (which HTTPS would prevent).
Related Questions in JAVASCRIPT
- Using Puppeteer to scrape a public API only when the data changes
- inline SVG text (js)
- An array of images and a for loop display the buttons. How to assign each button to open its own block by name?
- Storing the preferred font-size in localStorage
- Simple movie API request not showing up in the console log
- Authenticate Flask rest API
- Deploying sveltekit app with gunjs on vercel throws cannot find module './lib/text-encoding'
- How to request administrator rights?
- mp4 embedded videos within github pages website not loading
- Scrimba tutorial was working, suddenly stopped even trying the default
- In Datatables, start value resets to 0, when column sorting
- How do I link two models in mongoose?
- parameter values only being sent to certain columns in google sheet?
- Run main several times of wasm in browser
- Variable inside a Variable, not updating
Related Questions in SOCKETS
- Node.js Server + Socket.IO + Android Mobile Applicatoin XHR Polling Error...?
- My server TCP doesn't receive messages from the client in C
- how is strncpy able to copy from source to empty destination?
- Python Multicast packet receiver stops receiving multicast packets when computer is connected to WiFi
- Python Client-Server Communication with Protocol
- Reversed TLS re-connection issue
- Android 13 & 14 seem to close WebSocket connection, if i put app in background, after ~20s
- Java SocketException: Connection reset,. What is the cause?
- Multipart/form-data with chunked data transfer (ICAP protocol)
- View Socket View
- Client connection timeout during Android & Windows PC communication via sockets
- Browser connect to raw sockets even possible?
- Protocol 43200 after unpacking received data
- Unity SocketIo using Best http2 plugin want to use in webgl
- How does pre-allocating a pool of SocketAsyncEventArgs objects upfront improve the performance of a server application in c#
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in SOCKET.IO
- How to Socket.IO Multithreading on a Raspberry Pi?
- Error while uploading the socket io chat app
- Socket.io nodejs server .NET connection
- Getting an error in Socket.io wordle project
- User is connecting to socket.io server twice
- Using Bun+Elysia+socket.io together
- Socket.io event doesn't emitting from client itself client
- Socket.io not emitting event to node server on react native
- My socket.io web socket application is not sending data to some users
- Web RTC simple peer connection with socket.io could not be established
- socket io working fine on local environment but causes problem when run using deployed site
- rasa not responding when setting the value of session_persistence: true using socket
- open-telemetry observable gauge in js - how to access field used in observable gauge inside socket.io method
- Socket io not working during deployment on vercel
- Socket.io Deployment
Related Questions in WSS
- wss websocket over nginx
- Vue frontend stopped working after migrating to https
- HTTP 500 Error with Delphi Indy SOAP WSSE
- Howto use MQTTNET with WSS
- Receiving websocketstream C++ using uWebSockets
- Node MQTT client cant connect over wss
- WSS Audio issue in freeswitch behind a NAT
- how to make websocket for secure using wss
- Server Error on connection using Socket IO
- Websocket connection closed. An error occurred: object of type 'NoneType' has no len()
- I can't connect to wss mosquitto
- How to connect firebase hosting with wss mosquitto?
- Apache config for wss websocket connection
- Secure WebSocket SSL certificate installation in Cocos Creator 3.8+
- What are some efficient ways to manage web socket connections?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
From the Websocket protocol specification:
Emphasis mine
Now you can understand the absurdity of your request: wss is https.
Of course the terminology is wrong (https is a different protocol than wss) but the bottom of the line is that both are simply the version of their respective TCP plain protocols (http and ws) over TLS.
So the answer is no.
As a matter of fact security is a complex thing.
Very experienced programmers refrain from inventing or exploring new ways and, based on the kind of question you asked, you don't appear to have much expertise this field.
So it's better to do things as best-practices say, it they say to use "https" use "https".
Starting studying security seriously (or hiring a contractor) is advised, inventing new ways to perform secure authentication is not, unless you have a PhD in abstract algebra and several years of experience in developing cryptographic schemes.