
Javascript Create Websocket Connection Refused - Content Security

Trying to open a WebSocket connection from a browser to a server running on localhost:9000. Here is my JS code: $( document ).ready(function() { var url = 'ws://localhost:9000/

Solution 1:

It seems like that page must be getting served with a Content-Security-Policy response header that has default-src http://localhost:9000 in its value.

Given that you can never use a CSP directive somewhere to apply a more-liberal policy than one applied from somewhere else, if you have a strict default-src http://localhost:9000 policy in the CSP header, it’ll be applied instead of any more-liberal policy you might have specified using a meta element in a document.

See the discussion about multiple policies in the CSP spec:

The impact is that adding additional policies to the list of policies to enforce can only further restrict the capabilities of the protected resource.

So I think you may need to change the value of the Content-Security-Policy header to have default-src http: ws: connect-src ws:. You can’t do it with just a meta element.
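The rule the answer above relies on, as an added example that is not part of the original answer: a simplified model (not the browser's full matcher) in which a WebSocket URL must pass every delivered policy, with connect-src falling back to default-src. The META and FIXED_HEADER policy strings and all function names are assumptions constructed for illustration.

```javascript
// Simplified CSP model: handles only "scheme:" and "scheme://host[:port]"
// sources (no wildcards, paths, 'self' or 'none'). Illustrative only.
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; repeats are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}
// Scheme matching as in CSP3: "http" also covers "https", but never "ws".
function schemeMatches(exprScheme, urlScheme) {
  if (exprScheme === urlScheme) return true;
  if (exprScheme === 'http') return urlScheme === 'https';
  if (exprScheme === 'ws') return ['wss', 'http', 'https'].includes(urlScheme);
  if (exprScheme === 'wss') return urlScheme === 'https';
  return false;
}
function sourceMatches(source, url) {
  const urlScheme = url.protocol.slice(0, -1);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return schemeMatches(source.slice(0, -1).toLowerCase(), urlScheme);
  }
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^:\/]+)(?::(\d+))?$/i.exec(source);
  if (!m) return false; // source form outside this model: treat as no match
  return schemeMatches(m[1].toLowerCase(), urlScheme) &&
    m[2].toLowerCase() === url.hostname &&
    (m[3] ?? '') === url.port; // no port in the source means default port
}
function policyAllowsConnect(policyText, target) {
  const directives = parsePolicy(policyText);
  // connect-src governs WebSocket; default-src is the fallback.
  const sources = directives.get('connect-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // policy says nothing about it
  const url = new URL(target);
  return sources.some((s) => sourceMatches(s, url));
}
// Multiple policies intersect: every one of them must allow the URL.
function allowsConnect(policies, target) {
  return policies.every((p) => policyAllowsConnect(p, target));
}
const HEADER = 'default-src http://localhost:9000'; // value named in the answer
const META = 'connect-src ws://localhost:9000'; // constructed meta policy
const FIXED_HEADER = // constructed header scoped to the one WebSocket origin
  'default-src http://localhost:9000; connect-src ws://localhost:9000';
const WS_URL = 'ws://localhost:9000/';
```

Calling allowsConnect([HEADER, META], WS_URL) returns false because the header policy alone rejects the ws: scheme, while allowsConnect([FIXED_HEADER], WS_URL) returns true.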
