Socket.io Letsencrypt和CORS上的安全连接失败

Question

I have a simple node.js setup running socket.io >1.0.0;

fs = require('/home/node/bin/node_modules/file-system');

        // Options for socket.io > 1.0.0
        var options = {
                allowUpgrades: true,
                transports: [ 'polling', 'websocket' ],
                pingTimeout: 6000,
                pingInterval: 3000,
                cookie: 'nom-nom',
                httpCompression: true,
                key: fs.readFileSync('/etc/letsencrypt/live/example.com/privkey.pem'),
                cert: fs.readFileSync('/etc/letsencrypt/live/example.com/fullchain.pem'),
                origins: '*:*'
        };

        io = require('/home/node/bin/node_modules/socket.io')(8000, options);

When a client connects from a page served via http they are able to connect as expected and the socket connection is allowed. If a client tries to connect from a page served over https I get the following error;

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://example.com:8000/socket.io/?EIO=3&transport=polling&t=MfVDWxD. (Reason: CORS request did not succeed).

Given my CORS policy is already set for *:* which should allow anything I don't understand why it's failing.

I have tried adding {secure: true} to the client connection, and I've also tried forcing a wss:// and https:// url for the connection string - all result in the same CORS error.

This is a bare socket implementation, not using any framework like express or even http.

Can someone point me in the right direction so that I can allow my clients to connect via https or ideally http and https .

Answer 1

you need to install cors, you can do that with npm or any other package manager

then in your nodejs app:

// require cors
const cors = require("cors");
// Use Cors As Middleware
app.use(cors());