tile38
tile38 copied to clipboard
WebSocket interface doesn't reply to requests after connection upgrade
Describe the bug
I'm not sure if this is a bug or if i'm not using it correctly. I initiate a new WebSocket
connection in Chrome and it appears to connect and upgrade the request properly. The problem is that any request I send after that the server doesn't reply and the server log has [ERRO] invalid HTTP request
.
To Reproduce Steps to reproduce the behavior:
- Checkout this repo: https://github.com/Kilowhisky/tile38-viewer
- Run local tile38 using docker based on instructions on the website
- Run the react code
- Attempt to connect to the server using
ws://localhost:9851
Expected behavior I would expect once I have established the WebSocket connection I can just treat it like a telnet connection.
Logs
Operating System (please complete the following information):
- OS: Mac
- CPU: Apple
- Version: docker:latest
- Container: Docker
Additional context
Actually, re-reading the docs... it looks like websockets aren't designed for multiple messages...
I'll refactor to make use of standard HTTP calls I guess...
EDIT: Great, now chrome wants CORS headers to be present....
So for this app I either need HTTP interface to support CORS or WebSockets to support a two way connection.
Both will require a PR...
What do you think? I can make them.
I haven't had the chance to take a deep dive into your PR yet. Preflighting seems reasonable, though I wondering about the security ramifications of using Access-Control-Allow-Origin: *
by default for directly connecting to a Tile38 instance, particularly from a web browser.
Web browsers are the only http clients that adhere to CORS (and require it). Because of that I assumed that it just wasn't being used in browsers before since it wouldn't have worked anyways.
The * is a little more lax than I would have liked but building in a whole array of allowed origins would have been quite the work and also only benefited future use cases.
I just figured if it came up in the future, it could be added then. KISS and all that.
Also, web sockets don't follow CORS so any web browser could already open a socket request to tile38. It's inefficient as hell, but it works.