Is it possible to force socket.io to use wss instead of ws, without having to change to https?

Question 1

Is it possible to force socket.io to use wss instead of ws, without having to change to https?

javascript sockets security socket.io wss

Kitanga Nday · Jan 2, 2017 · Viewed 16.6k times · Source

Answer

Answer

Yes, this is possible. To do this, pass your websocket URL to the socket.io client directly, like this:

var socket = io('wss://example.com/');

Note that the reverse is not possible: while there's nothing to prevent HTTP pages from creating WSS connections, most browsers today block any WS connection from an HTTPS page to enforce the heightened security.

I would also caution that a websocket opened over WSS is still no more secure than the page it originated from. If you're using WSS for its security benefits, be advised that all that security could be for naught if an attacker overrides your page at the time that it's loaded (which HTTPS would prevent).

Question 2

I have been trying to setup a server where users can send sign in using websockets, but I don't want to do this using ws. I want to be able turn on wss without having https. Sadly, there aren't any options to do this. And so the question is how would one do this on the client side without using https protocol.

Is it possible to force socket.io to use wss instead of ws, without having to change to https?

Answer

Related questions