Hi folks,
I configured this module and its nodejs counterpart to use https, but the client's socket.io didn't acknowledge this and continued using http. This caused my browser to complain of "mixed content" on a secure page, and block socket.io by default. Below is the solution and recommended fix.
I discovered that the scheme the client will use is defined here:
/modules/nodejs/nodejs.js :: line 86
var scheme = drupalSettings.nodejs.client.secure ? 'https' : 'http'
So it depends on the .secure
setting. We can see where that's defined:
/config/install/nodejs.config.yml :: line 15-16
scheme: 'http'
secure: 0
However, .secure
isn't made available to change in the config form: /nodejs/src/Form/NodejsConfigForm.php
. So .secure
will always be 0, and changing scheme to https does nothing.
Recommended fix: Remove the .secure
setting (it is seemingly deprecated?), and change the following line:
/modules/nodejs/nodejs.js :: line 86
var scheme = drupalSettings.nodejs.client.scheme,
Comment | File | Size | Author |
---|---|---|---|
#9 | nodejs_js_https_scheme-2783703-9.patch | 1.06 KB | imclean |
Comments
Comment #2
joelstein CreditAttribution: joelstein as a volunteer commentedHere's a patch which fixes this issue.
Comment #3
webflo CreditAttribution: webflo at UEBERBIT GmbH commentedCould we remove remove "secure" altogether from the configuration?
Comment #4
SocialNicheGuru CreditAttribution: SocialNicheGuru commentedThis works
Comment #5
SocialNicheGuru CreditAttribution: SocialNicheGuru commentedThe client is what is in the 'backend' section of the nodejs.config.js file, right?
This patch works if my client and server are both https.
But when my client is http and the server is https this patch does not work.
I do not get a mix content error in this case.
If the server is sending socket.io over https, the nodejs module is asking for http.
Comment #6
SocialNicheGuru CreditAttribution: SocialNicheGuru commentedwithout the patch there is no way for https to work (at least in my config)
Comment #7
imclean CreditAttribution: imclean commented#5, the config sections are as follows:
nodejs.config.js
: The first few lines refer to the what the nodejs server will be listening on: scheme, port, host and resource (see point 4)nodejs.config.js
: The "backend" section refers to the Drupal backend/admin/config/nodejs/settings
: "Drupal to Node.js server protocol" is the how Drupal will talk to the Nodejs server (see point 1)/admin/config/nodejs/settings
: "Client javascript to Node.js server protocol" is how the the browser's JS will talk to the Nodejs server (in this case, probably the same as point 3 above). This is also wheresocket.io
will be served to the browser fromComment #8
imclean CreditAttribution: imclean commentedPatch from #2 taking into account #3.
Comment #9
imclean CreditAttribution: imclean commentedMissed one.
Comment #11
Anonymous (not verified) CreditAttribution: Anonymous commentedthanks! pushed.
Comment #12
joelstein CreditAttribution: joelstein as a volunteer commentedThanks!