PHP Fat-Free-Framework plus Node.js and Secure Websockets

Question

I have been tasked with testing the feasibility of using F3 and Node.js along with Socket.IO for our upcoming web-app. The app will use https exclusively. The boss likes F3's templates so that is why we aren't using Node exclusively server side.

F3 will be used to serve up the static content. I want to use WSS to feed the page live data plus let the client make requests relevant to that live data.

I have coded up a test app and I have got all of the moving parts working but I have hit a snag. When my client-side WSS websocket tries to connect to the Node app listening on 9220, the browser complains about CORS. I got around this by setting up an exception for 192.168.10.1:9220 but I doubt this approach will work in production.

Once complete, our web-app will be served from our own hardware which will be part of the client's existing network. I am using a self-signed cert whose common name is 192.168.10.1. I am currently doing a 'redirect permanent' to force everything to https from *:80.

My question is this: is there a way to allow F3 to grab all page requests for '/blah_blah' and have possibly several Node apps (we will have one app for certain) listening on their respective ports for client connections and have those clients connect to the Node ports without having to do any special exceptions? And have it all happen over https?

I don't know if I need to investigate using more virtual hosts or proxies or what. I guess what I am wanting is a direction to go in, in terms of what to investigate next in order to get all of the parts to play nice over https without having to set up any browser exceptions.

A typical page would contain text and graphics served via F3 along with a dynamic graphic (usually as a HTML5 Canvas object), that is updated only when the source data changes, via WSS.

---

UPDATE:

Turns out simply solving the CORS issue (as @ikkez suggested) allowed all my moving parts to work. These are the key points I had to do in order to get it to work:

• Created a Cert Authority and added that to the browser

• Used that CA to sign a cert for the IP of where our server will be. By that I mean the CommonName is the IP.

• I use a virtual host on *:443 with a ServerName equal to the IP of where the server is. I also have rewrites enabled to use F3.
  <Directory /var/www/html/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule .* index.php [L,QSA] </Directory>

---

• My Node app's crucial calls are:

  var options = {
  key: fs.readFileSync('path-to-ssl/192.168.10.178.key'),
  cert: fs.readFileSync('path-to-ssl/192.168.10.178.cer')
  };

  var app = https.createServer(options, function(req, res) {});
  var io = require('socket.io').listen(app);
  io.set('origins', '192.168.10.178*:*');

Answer 1

Well, actually your question is how to enable CORS support on node.js?! A short google search gives you a hand full for resources for doing this in express.js. Once you send the right CORS headers in your node application, your browser will not shout for exceptions anymore.

Nevertheless, if you only need the websocket for realtime content updates on your website, you can also try another approach using ajax long polling and the new $f3->until() methed, to load new data on demand. A little sample usage can be found here . Maybe this will already do the trick