Well, I am trying to connect to this websocket ws://rustypot.com/socket.io/?EIO=4&transport=websocket but keep getting a 403 Forbidden error. I tried connecting using both my NodeJS backend and Postman, with the same result. So, when you encounter such a problem, the first thing you're supposed to do is check the headers, and I did. All my headers are fine:

```
Error: Unexpected server response: 403
Handshake Details
Request URL: https://rustypot.com/socket.io/?EIO=4&transport=websocket
Request Method: GET
Status Code: 403 Forbidden
Request Headers
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: HeibSZt/sW4ivlyCkdN87g==
Connection: Upgrade
Upgrade: websocket
Origin: https://rustypot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Host: rustypot.com
Response Headers
Date: Sun, 26 Jun 2022 14:48:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Chl-Bypass: 1
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 7216be129b0484b0-LED
```

BUT if I try to connect to the same damn websocket via some Chrome extension, it works fine:

[Chrome Dev Tools screenshot]

Any help would be much appreciated. Is Cloudflare kicking my ass? I'm so confused.

My Man
  • I can see `http://`, `ws://` and `wss://`. That could be the problem. The working approach uses `wss://` and the other two approaches use `http://` and `ws://`. – jabaa Jun 26 '22 at 15:14
  • Sorry this isn't an answer, but 1) please be sure that you're not sharing actual keys on this public site and 2) a 403 Forbidden response means the remote server does not like your request and usually they would be the ones to contact about why. – Altimus Prime Jun 26 '22 at 15:16
  • It's my bad, I posted the wrong log here. I tried it with wss:// and it doesn't work either. But thanks for noticing that! – My Man Jun 26 '22 at 15:17
  • Altimus, this key is a one-time generated thing, so who cares. And yeah, that's the point: I'm trying to figure out what exactly they don't like about my request if it's sent from the same IP address and has the same headers as the request that works! That's what confuses me a lot. – My Man Jun 26 '22 at 15:19
  • @MyMan Have you solved the problem in the end? I'm having the same problem. – Alessio Trecani Mar 05 '23 at 21:20