In the past, websockets were not supported by all browsers and networks.
We were required to provide fallback solutions like HTTP Long Polling.
This situation appeared to change.
At least the browsers support looks great now: https://caniuse.com/#feat=websockets
I could not find any statistics about networks blocking websockets.
Do we have any data proving that there is still a justification for websocket fallback solutions?
Last year, I had an issue using Trello at work. While the page was initially shown, some changes were not reflecting on the page. I investigated using the Chrome debugger and found out that WebSockets connection was blocked (at least for that website).
After a few exchanges with IT, and some firewall black magic on their side, the issue was resolved and now Trello works fine.
So, in a few corporate environments, some WebSockets scenarios still need a fallback IMHO.
Related
Due to the too-strict filtering in Iran by its government, any proxy I've ever used has been blocked.
I used L2TP, IPSec, Shaddowsocks, V2ray (Vmess, Vless), and many VPN applications like StarVPN, X-VPN, HotspotShield and etc, but they've been blocked recently.
V2ray was working until yesterday, but today it has been blocked. I even changed the server and it's not still working.
I don't know how exactly the government blocks these protocols, but I think they are recognizable, so I'm looking for an unrecognizable proxy protocol. Do you have any suggestions?
Thanks in advance
I have recently been sharing the connection of my mobile device to my laptop, when i'm out and about, through the use of an app called netshare. It provides a https proxy I believe through which it acts as a network repeater?(not sure about this part). I can access webpages and such quite easily. However, I have realised that I cannot connect to some apps. For example, I cannot use spotify. Installing some other apps like games etc also prove to fail. I have done a bit of research and found that apparently I could only surf the web with a https proxy. However, I found this to be unambiguous. Does this mean that I can only make https requests? Or is this because of https using TCP over UDP? What are the limitations and what can I do to possibly solve it?
Thanks
I am searching for a server push technology for my web application.
I would like to use a similar technology as StackOverflow, as that one is working very well.
So, are there any suggestions?
For server-to-client push Server-Sent Events is a better choice than WebSockets. GitHub uses SSE for automatically showing new comments, pull requests, etc.
SSE is HTTP-compatible, so it will work with proxy servers and you won't need HTTPS to have it working in practice (e.g. plenty of mobile operators have a HTTP proxy that breaks unencrypted WebSockets, but SSE works fine).
SSE connection is lightweight and quick. There's no extra handshake and connection upgrade procedure. If you have SSE on every page, then your server will have less work to do.
SSE protocol is super simple. You don't need special web server or library for it, and it can be polyfilled for old browsers.
I suggest you have a look at QWebSockets, if you control the server-side.
Otherwise, socket.io is a good candidate.
There are also ghosted services like Pusher and PubNub, which are free for a moderate number of push messages.
Need to be able to continuously receive calls when a Chrome webpage is open. How do I do that even for users who are inside a strict enterprise network?
WebSockets? (but there's the proxy problems that doesn't know what wss:// is)
HTTP? (but will I have to poll?)
Other?
Since you included the "vLine" tag, I'll reply with some information on how our WebRTC platform will behave in an enterprise network. vline.js will use a secure WebSocket by default if the browser supports it and fall back to HTTPS long polling. As described here, the secure WebSocket may work depending on the exact proxy configuration. Feel free to test it out by using GitTogether or creating your own vLine service for testing.
This might sound really naive but I would really find a descriptive answer helpful.
So, my question is this:
I can use Firebug to look at AJAX requests made from any website I visit. So, am I right in saying that I wouldn't be able to examine the same communication between the client and the server if the website choses to use Websockets? In other words, does this make it more secure?
No. Not at all. Just because the browser does not (yet) have a tool to show WebSocket traffic, doesn't make it any more secure. You can always run a packet sniffer to monitor the traffic, for example.
No, because there will be other ways beside the browser-build in tools to read your traffic.
Have a try: Install and run Wireshark and you will be able to see all packets you send and receive via Websockets.
Depends on the application. If you are fully Ajax without reloading the document for data then I would think websockets would provide a better authentication for data requests then a cookie session in regards to connection hijack. Given that you are using SSL of course.
Never rely on secrecy of algorithm cause it only gives you false sense of security. Wiki: Security by obscurity
Remember that browser is a program on my computer and I am the one who have a full control over what is send to you, not my browser.
I guess it's only matter of time (up to few months IMO) when developer tools such as Firebug will provide some fancy tool for browsing data send/received by WebSockets.
WebSockets has both an unencrypted (ws://) and encrypted mode (wss://). This is analogous to HTTP and HTTPS. WebSockets protocol payload is simply UTF-8 encoded. From a network sniffing perspective there is no advantage to using WebSockets (use wss and HTTPS for everything at all sensitive). From the browser perspective there is no benefit to using WebSockets for security. Anything running in the browser can be examined (and modified) by a sufficiently knowledgeable user. The tools for examining HTTP/AJAX requests just happen to be better right now.