Socket.IO: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource

Question

I have a strange issue in FF which is not reproduced in Chrome: websocket connection to another origin does not work when using SSL connection.

My Rails app is running o

Answer 1

There was everything OK with CORS configuration in our socket.io app

The problem was with SSL certificates: our configuration was missing ca (intermediate certificate) option in the HTTPS server initialization. We fixed the issue with this code:

require('https').createServer({
  ca: fs.readFileSync(process.env.SSL_CA),         // this config was missing
  cert: fs.readFileSync(process.env.SSL_CERT),
  key: fs.readFileSync(process.env.SSL_KEY)
})

As nodeJS create Secure Context documentation says:

ca string | string[] | Buffer | Buffer[]. Optionally override the trusted CA certificates. Default is to trust the well-known CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are explicitly specified using this option. The value can be a string or Buffer, or an Array of strings and/or Buffers. Any string or Buffer can contain multiple PEM CAs concatenated together. The peer's certificate must be chainable to a CA trusted by the server for the connection to be authenticated. When using certificates that are not chainable to a well-known CA, the certificate's CA must be explicitly specified as a trusted or the connection will fail to authenticate. If the peer uses a certificate that doesn't match or chain to one of the default CAs, use the ca option to provide a CA certificate that the peer's certificate can match or chain to. For self-signed certificates, the certificate is its own CA, and must be provided. For PEM encoded certificates, supported types are "TRUSTED CERTIFICATE", "X509 CERTIFICATE", and "CERTIFICATE".