1

On my server I'm running gorilla web socket in go and I'm trying to connect from phonegap application with following javascript code:

var conn = new WebSocket("ws://IP:8080/ws");

but I'm getting this error: websocket: origin not allowed on my server.

Is there anything I can do to solve this?

Maybe another phonegap library or fix/update for this kind of connection?

I have tried many examples of phonegap script but non of them worked.

I would like to use that gorilla websocket plugin on my server but as things stand now that is not possible. Thank you

iWizard
  • 6,816
  • 19
  • 67
  • 103
  • can you have a http dump? especially compare to non-phonegap client – Jiang YD May 09 '16 at 07:10
  • @JiangYD - how can I do that? – iWizard May 09 '16 at 07:12
  • tcpdump in your server, to capture the port your server listening – Jiang YD May 09 '16 at 07:16
  • @JiangYD - I have made "tcpdump port 8080", here is ss when phonegap tried to connect: https://www.dropbox.com/s/5tg7icq6gngd8dv/Screenshot%202016-05-09%2009.25.51.png?dl=0 – iWizard May 09 '16 at 07:25
  • according to [link](https://en.wikipedia.org/wiki/Same-origin_policy) cross origin policy, there is no way you can send JS request outside your own domain. – PSo May 09 '16 at 07:27
  • Is there any other phonegap or ionic script which can connect to remote go gorilla websocket server? – iWizard May 09 '16 at 07:28

1 Answers1

3

The solution is - to implement your own CheckOrigin function in your websocket.Upgrader{} because default one checks server host and accept client connections only from same host

Vadyus
  • 1,299
  • 8
  • 19
  • Is that ok if we look from security point? I am using on my server sequence and token authorization. – iWizard May 09 '16 at 08:00
  • Origin header that is checker can be set manually, so yes, i dont think it will have huge impact on security – Vadyus May 09 '16 at 08:01
  • What is your advice, should I go with socket.io (which site is down in the moment:) ) or I can stay with web socket? – iWizard May 09 '16 at 08:09
  • My advice is to correct server-side code to make things work – Vadyus May 09 '16 at 08:36
  • Thank you. I have implemented my own CheckOrigin function and now everything it's working. Do you have any other advice to improve security on server side? – iWizard May 09 '16 at 09:21