8

I'm using Node.js on port 8082 and Apache on port 80.

Everything works fine for a while and than the browser start to show error messages "400 Bad Request", CORS errors.

The server is setting the CORS headers. As you can see I'm also using Redis adapter.

var io = require('socket.io').listen(8082);
io.adapter(redis({ host: '127.0.0.1', port: 6379 }));
io.set('origins', 'domain.com:*');

Can't say why some times all works fine, some times don't. The error always occurs when Socket.io try to upgrade from pooling to websocket.

When I use the client from https://cdn.socket.io/socket.io-1.0.6.js I got less errors.

When I use a local reference for socket.io-1.0.6.js the errors occurs with more frequency. Can't find a error pattern.

After the erros, I restart the Node.js server, try a few requests, works for a while and again, errors. Some times works again without restarting the server.

Request headers sample

Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Cookie  io=RjKzZ6Y1OTQeSEsPAAAL; SGM_DESENV=cb5ae798c2f6f5d3f38c6ed16a6e4696
Host    200.238.251.79:8082
Origin  http://200.238.251.79
Referer http://200.238.251.79/maximiliano/sgp/admin/custodiacompartilhada/add
User-Agent  Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Response headers sample

Access-Control-Allow-Credentials    true
Access-Control-Allow-Origin http://200.238.251.79
Connection  keep-alive
Content-Length  101
Content-Type    application/octet-stream
Date    Fri, 25 Jul 2014 16:10:26 GMT
Set-Cookie  io=9OYcCmU24IyzrAS3AAAM

Error messages

NetworkError: 400 Bad Request - http://200.238.251.79:8082/socket.io/?EIO=2&transport=polling&t=1406304539856-2&sid=RjKzZ6Y1OTQeSEsPAAAL

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://200.238.251.79:8082/socket.io/?EIO=2&transport=polling&t=1406304539856-2&sid=RjKzZ6Y1OTQeSEsPAAAL This can be fixed by moving the resource to the same domain or enabling CORS.
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Maximiliano Nunes Catarino
  • 518
  • 3
  • 6
  • 13

1 Answers1

0

CORS does not allow wildcard in the domain name.

You either have to allow from all domain:

io.set('origins', '*');

or specify the port:

io.set('origins', 'http://200.238.251.79:8082');

(requesting on another port implies CORS)

Tug
  • 189
  • 10
  • This may have been true but not so anymore. See checkRequest https://github.com/socketio/socket.io/blob/master/lib/index.js It allows wildcards for the hostname or port. – Eddie Dec 31 '15 at 14:57