Contenct Security Policy refuses connect to Websocket Error

Question

i can't connect to the websocket because of my CSP (Content Security Policy) - what is wrong?

Error:

ps-client-component-websocket-adapter.js:412 Refused to connect to 'wss://hostname.domain:port/jsonWebSocket' because it violates the following Content Security Policy directive: "connect-src 'self'".

My IIS web.config

 <?xml version="1.0" encoding="UTF-8"?>
        <configuration>
            <system.webServer>
                <httpProtocol>
                    <customHeaders>
                        <add name="Cache-Control" value="no-cache" />   
                        <!---<add name="X-Content-Security-Policy" value="default-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self'; object-src 'none'; child-src *;" />-->
                        <add name="Content-Security-Policy" value="connect-src 'self' wss://hostname.domain:port/jsonWebSocket; default-src 'self' 'unsafe-eval'; img-src * data:; object-src 'none'; child-src *;" />              
                    </customHeaders>
                </httpProtocol>
            </system.webServer>
        </configuration>
        </configuration>

score 0 · Answer 1 · edited Mar 25 '19 at 16:59

0

It seems like you are missing comma in connect-src.

edited Mar 25 '19 at 16:59

double-beep

5,031
17
33
41

answered Mar 25 '19 at 16:17

Ely ILiyn

11
1

Could you clarify? Could you send the updated version? – Halil Jun 01 '21 at 18:47

score 0 · Answer 2 · answered Oct 03 '21 at 09:17

0

A bit late to the party, but as per MDN,

connect-src 'self' does not resolve to websocket schemas in all browsers, more info in this issue.

You may want to add wss to connect-src as it is done in this answer for example.

answered Oct 03 '21 at 09:17

lnstadrum

550
3
15

Contenct Security Policy refuses connect to Websocket Error

2 Answers2