-
-
Notifications
You must be signed in to change notification settings - Fork 591
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using stream - websocket - error 403 handshake #372
Comments
Try setting server.stream.allowedOrigins to the host from where you try to access the websocket: server:
stream:
allowedorigins: # allowed origins for websocket connections (same origin is always allowed)
# - ".+.example.com"
# - "otherdomain.com" |
Tried it, but without success. (still handshake 403) Can the token be the cause for this error? I'm using one of my client tokens. |
Please show your configuration file. |
# Example configuration file for the server. # Save it to `config.yml` when edited server: keepaliveperiodseconds: 0 # 0 = use system default; set the interval in which keepalive packages will be sent. Only change this value if you know what you are doing. listenaddr: "" # the address to bind on, leave empty to bind on all addresses port: 8081 # the port the HTTP server will listen on ssl: enabled: false # if https should be enabled redirecttohttps: true # redirect to https if site is accessed by http listenaddr: "" # the address to bind on, leave empty to bind on all addresses port: 443 # the https port certfile: # the cert file (leave empty when using letsencrypt) certkey: # the cert key (leave empty when using letsencrypt) letsencrypt: enabled: false # if the certificate should be requested from letsencrypt accepttos: false # if you accept the tos from letsencrypt cache: data/certs # the directory of the cache from letsencrypt hosts: # the hosts for which letsencrypt should request certificates # - mydomain.tld # - myotherdomain.tld responseheaders: # response headers are added to every response (default: none) # X-Custom-Header: "custom value" cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers. alloworigins: # - ".+.example.com" # - "otherdomain.com" allowmethods: # - "GET" # - "POST" allowheaders: # - "Authorization" # - "content-type" stream: pingperiodseconds: 45 # the interval in which websocket pings will be sent. Only change this value if you know what you are doing. allowedorigins: # allowed origins for websocket connections (same origin is always allowed) - "openhab" # - "otherdomain.com" database: # for database see (configure database section) dialect: sqlite3 connection: data/gotify.db defaultuser: # on database creation, gotify creates an admin user name: admin # the username of the default user pass: admin # the password of the default user passstrength: 10 # the bcrypt password strength (higher = better but also slower) uploadedimagesdir: data/images # the directory for storing uploaded images pluginsdir: data/plugins # the directory where plugin resides |
tried it commented out, because I'm sending from the same machine, but with same result. |
what is the url gotify is running on and from which url you try to access it? |
server listening on: openhab:8081 . trying to reach from openhab:80 (which is my local raspberry Pi) |
add |
still the same and I can see the request coming in. |
You are right, this is a bug. You can work around it by also setting server -> cors -> allowedorigins to openhab. |
It works! Thank you very much! |
Having this same issue. I am using Caddy to locally serve a web interface for my app ( sock1 = new WebSocket('wss://push.heart.lan/stream?token=MYVALIDTOKEN'); The same code run in the console of Here is my gotify config (trying everything): server:
cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
alloworigins:
- ".*"
stream: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
allowedorigins:
- ".*"
- "web.heart.lan"
- ".+.heart.lan"
And here is my Caddyfile if it matters:
Looking through the code in Thanks for all your hard work!! :) |
@tnyeanderson On what port is web.heart.lan & push.heart.lan served? |
They are both accessed via 443.
Both are using self-signed certificates. Thanks! |
Could you try using a non regex in server.cors.allowedorigins. Like this which allows every origin?
|
I've actually tried both. Here was my original config before switching to regex: server:
cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
alloworigins:
- "*"
stream: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
allowedorigins:
- "*"
- "web.heart.lan"
- "*.heart.lan" It did not work with this config either. I'd also like to note that it looks like the EDIT: Also, just now I tried with the following config (asterisk in cors, regex in stream) which also did not work: server:
cors: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
alloworigins:
- "*"
stream: # Sets cors headers only when needed and provides support for multiple allowed origins. Overrides Access-Control-* Headers in response headers.
allowedorigins:
- ".*"
- "web.heart.lan"
- ".+.heart.lan" |
@tnyeanderson does something like this work?
|
@jmattheis With the configuration you provided, I still get a 403 error :( |
In my tests, it does work. Does gotify/server log something? |
|
The first (403) is running the console code above from
EDIT: This is with the config you shared above |
@jmattheis Realized I forgot to mention you in my response :) |
No need, I'll get notifications for everything in the gotify org (:. Can you show the whole config that you used with these changes |
Those are my entire configs :) I don't have anything else in my |
My config:
Dunno, what's happening in your setup. Most likely, the config.yml that you've defined isn't used. |
Hmmm... I know it was being used before because I would get syntax errors when I screwed it up. I've created a zip file that minimally reproduces the issue: To reproduce:
Maybe I'm doing something wrong and you can point me in the right direction.... |
Yep, config.yml won't be used in your example. You need to mount the config.yml on /app
|
Face.... meet palm. It works! Is this path documented anywhere? Not sure why I was getting errors before when my config file was malformed.... must have been a fluke. Thanks! |
nope, not documented. But the docs state
|
Yeah, to be honest, I took one look at the escapes required to use env vars for these config parameters and decided to go with a regular yaml file. Thanks again for the help!!! :) |
Not work for me too Workaround by deleting Sample Caddy config to fix this issues
|
Having the same issue. Tried everything. BTW, did you notice that the environment variable names for allowedorigins and alloworigins are inverted vis-a-vis the docs?
|
Ah, got it to work. It was in fact the ALLOW vs ALLOWED. I got thrown off because it allows you to use those vars in some scenarios and fails in some scenarios where you use it correctly. This is the winning ticket:
|
Have you read the documentation?
You are setting up gotify in
Describe your problem
Hi, I'm trying to fetch messages through the stream websocket and I always get a 403 handshake error. I've tried every token available and can't find a solution.
`
<script type="text/javascript">
var socket = new WebSocket('ws://localhost/stream?token=xxxxxxxxx');
socket.onerror = function() {
console.log()
};
`
What am I doing wrong? Even though the demand for extra documentation was declined in another issue, I'd love to see more than the swagger file.
The text was updated successfully, but these errors were encountered: