Hi folks,

I configured this module and its nodejs counterpart to use https, but the client's socket.io didn't acknowledge this and continued using http. This caused my browser to complain of "mixed content" on a secure page, and block socket.io by default. Below is the solution and recommended fix.

I discovered that the scheme the client will use is defined here:

/modules/nodejs/nodejs.js :: line 86
  var scheme = drupalSettings.nodejs.client.secure ? 'https' : 'http'

So it depends on the .secure setting. We can see where that's defined:

/config/install/nodejs.config.yml :: line 15-16 
  scheme: 'http'
  secure: 0

However, .secure isn't made available to change in the config form: /nodejs/src/Form/NodejsConfigForm.php. So .secure will always be 0, and changing scheme to https does nothing.

Recommended fix: Remove the .secure setting (it is seemingly deprecated?), and change the following line:

/modules/nodejs/nodejs.js :: line 86
  var scheme = drupalSettings.nodejs.client.scheme,
CommentFileSizeAuthor
#9 nodejs_js_https_scheme-2783703-9.patch1.06 KBimclean
#8 nodejs_js_https_scheme-2783703-8.patch986 bytesimclean
#2 nodejs-js-https-scheme-2783703-2.patch670 bytesjoelstein
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Softmints created an issue. See original summary.

joelstein’s picture

joelstein CreditAttribution: joelstein as a volunteer commented
Status: Active » Needs review
FileSize
nodejs-js-https-scheme-2783703-2.patch670 bytes

Here's a patch which fixes this issue.

webflo’s picture

webflo CreditAttribution: webflo at UEBERBIT GmbH commented

Could we remove remove "secure" altogether from the configuration?

SocialNicheGuru’s picture

SocialNicheGuru CreditAttribution: SocialNicheGuru commented
Status: Needs review » Reviewed & tested by the community

This works

SocialNicheGuru’s picture

SocialNicheGuru CreditAttribution: SocialNicheGuru commented
Status: Reviewed & tested by the community » Needs work

The client is what is in the 'backend' section of the nodejs.config.js file, right?

This patch works if my client and server are both https.

But when my client is http and the server is https this patch does not work.
I do not get a mix content error in this case.

If the server is sending socket.io over https, the nodejs module is asking for http.

SocialNicheGuru’s picture

SocialNicheGuru CreditAttribution: SocialNicheGuru commented

without the patch there is no way for https to work (at least in my config)

imclean’s picture

imclean CreditAttribution: imclean commented

#5, the config sections are as follows:

  1. nodejs.config.js: The first few lines refer to the what the nodejs server will be listening on: scheme, port, host and resource (see point 4)
  2. nodejs.config.js: The "backend" section refers to the Drupal backend
  3. Drupal /admin/config/nodejs/settings: "Drupal to Node.js server protocol" is the how Drupal will talk to the Nodejs server (see point 1)
  4. Drupal /admin/config/nodejs/settings: "Client javascript to Node.js server protocol" is how the the browser's JS will talk to the Nodejs server (in this case, probably the same as point 3 above). This is also where socket.io will be served to the browser from
imclean’s picture

imclean CreditAttribution: imclean commented
Status: Needs work » Needs review
FileSize
nodejs_js_https_scheme-2783703-8.patch986 bytes

Patch from #2 taking into account #3.

imclean’s picture

imclean CreditAttribution: imclean commented
FileSize
nodejs_js_https_scheme-2783703-9.patch1.06 KB

Missed one.

  • beejeebus committed 8611621 on 8.x-1.x authored by imclean 
    Issue #2783703 by imclean, joelstein: Client Socket.io doesn't switch to...
Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Needs review » Fixed

thanks! pushed.

joelstein’s picture

joelstein CreditAttribution: joelstein as a volunteer commented

Thanks!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.