Java – WebSockets 403 Forbidden on HTTPS
I am currently trying to set up HTTPS in a Spring Boot 1.2 application. This application uses a large number of WebSockets to communicate between two servers. When it runs on plain HTTP, everything is normal, but when I switch it to HTTPS, I get a 403 Forbidden error on Firefox and Chrome (not tested on IE yet). I have a SimpleCORSFilter set up that accepts all connections, so I don't think that's the problem. All RESTful requests to the same server over HTTPS work, and it's just WebSockets that seem to be blocked.
    @Configuration
    @EnableWebSocketMessageBroker
    public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {

        @Override
        public void configureMessageBroker(MessageBrokerRegistry config) {
            config.enableSimpleBroker("/topic");
            config.setApplicationDestinationPrefixes("/app");
        }

        @Override
        public void registerStompEndpoints(StompEndpointRegistry registry) {
            registry.addEndpoint("/simulation").withSockJS();
        }
    }
This is my front-end WebSocket connection:

    // The base URL must be a string literal; SockJS then requests <base>/simulation/info
    socket = new SockJS('https://my.url' + '/simulation');
    stompClient = Stomp.over(socket);
    stompClient.debug = false;
    stompClient.connect({}, function(frame) {
        stompClient.subscribe('/topic/', function(status) {
            // Do something with result
        });
    });
Edit: This is the error in the Chrome console:
    GET https://localhost:8090/simulation/info 403 (Forbidden)
    stomp.js:8 Whoops! Lost connection to undefined
Edit 2: This error appears to be a side effect of the recent upgrade from Spring Boot 1.1 to Spring Boot 1.2. Once I determine which dependency caused the error, I will update this.
Solution
Try this:
    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/simulation").setAllowedOrigins("*").withSockJS();
    }
Please note that allowing all origins may introduce Cross-Site Request Forgery. For defense methods, see https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF).
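
An added example, not part of the original answer or the asker's project: the same endpoint registered with an explicit origin allowlist instead of "*", so only known front-ends can complete the SockJS/WebSocket handshake. The property name app.websocket.allowed-origins and the example.com origins are assumptions made for illustration.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.simp.config.MessageBrokerRegistry;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {

    // Hypothetical property (assumption), comma-separated, for example:
    //   app.websocket.allowed-origins=https://ui.example.com,https://ops.example.com:8443
    // Each entry is scheme://host[:port] exactly as the browser sends it in the
    // Origin header: no path and no trailing slash.
    @Value("${app.websocket.allowed-origins}")
    private String[] allowedOrigins;

    @Override
    public void configureMessageBroker(MessageBrokerRegistry config) {
        config.enableSimpleBroker("/topic");
        config.setApplicationDestinationPrefixes("/app");
    }

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        for (String origin : allowedOrigins) {
            String o = origin.trim();
            // Fail at startup instead of silently running with a wildcard
            // or a plain-HTTP origin on an HTTPS deployment.
            if (o.equals("*") || !o.startsWith("https://")) {
                throw new IllegalStateException("Refusing WebSocket origin: " + o);
            }
        }
        registry.addEndpoint("/simulation")
                .setAllowedOrigins(allowedOrigins) // handshakes from any other Origin get 403
                .withSockJS();
    }
}
```

With this in place, a 403 on /simulation/info for a legitimate front-end means its origin is missing from the list or differs in scheme or port.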