Phoenix: Phoenix Socket check origin error message too vague

We already have a better error message in master. I am on my phone, so I
can't provide a link, but search for the "check_origin" function in this
code base. It will show you the warning and explain exactly how to fix it.

On Wednesday, November 18, 2015, Tony Walker [email protected]
wrote:

I have a Phoenix App, deployed behind a nginx proxy.
When trying to connect using web sockets over HTTPS I get the following
error:

[error] Could not check origin for Phoenix.Socket transport.

Here's my corresponding nginx configuration:

location / {

# Proxy
proxy_pass http://app_servers;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;

# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

}

Also:

• The connection is attempted from a HTML5 mobile app.
• I did set the host in prod.exs

I believe the error message above is way to vague, and a more informative
message could potentially be more helpful. (For instance displaying the
compared values)

BTW, are there any recommendations to deal with these check_origin issues?

Thanks

—
Reply to this email directly or view it on GitHub
https://github.com/phoenixframework/phoenix/issues/1359.

_José Valim_
www.plataformatec.com.br
Skype: jv.ptec
Founder and Director of R&D

The new message is here. https://github.com/phoenixframework/phoenix/blob/master/lib/phoenix/socket/transport.ex#L330-L347

If your clients are connecting from a different host than being served by your endpoint, you need to explicitly list the hosts in your check_origin configuration in prod.exs, for example check_origin: ["host1.com", "host2.com"]

@chrismccord What if I want to let any host connect to my Phoenix app over web sockets? In my case, I have a small JS script that people can include on their site and this script will connect to my application behind-the-scenes.

How can I accomplish this when the hosts remain unknown?

How can I accomplish this when the hosts remain unknown?

check_origin: false

That worked, thanks for the quick response

+1 @chrismccord thanks.

For anyone coming across this issue now, the configuration listed in the comments above is out of date. Now check_origin expects the strings passed to it to be parsable by URI.parse/1. So you should use:

check_origin: ["https://example.com", "//another.com:888", "//other.com"]

Reference:
https://github.com/phoenixframework/phoenix/blob/da9f7653b9daf29a4c415be52a19ee6f4473e083/lib/phoenix/socket/transport.ex#L389

If you try to use the configuration given above you'll get an error like:

(ArgumentError) invalid check_origin: "host1.com" (expected an origin with a host)

Although check_origin: false still works.

What about phoenix behind nginx behind a reverse proxy ?

the website works ok with phoenix behing nginx configuration but
the web socket does not work

the upstream client 192.168.0.10 is a reverse proxy on the private network which gets connections from outside

here is the error log message

5832#5832: *192 connect() failed (111: Connection refused) while connecting to
upstream, client: 192.168.0.10, server: foret.bet.com, request: "GET /socket/websocket?
token=undefined&vsn=1.0.0 HTTP/1.1", upstream: 
"http://[::1]:4020/socket/websockettoken=undefined&vsn=1.0.0"│host: "foret.bet.com"

I tried to put check_origin: ["//192.168.0.10","//foret.bet.com"] option in the transport macro
and config/prod.exs has url: [host: "foret.bet.com", port: 80]

but impossible to establish the connection on websocket

@blset I think it's something misconfigured.

I'm running a phoenix app behind a nginx proxy and the websockets work just fine.

client ├─ nginx ├── app1
                └── app2

Here's parts of the nginx.conf I used

upstream app_servers {
    # The app ip local or on the network
    server 127.0.0.1:9090;
    server 127.0.0.1:9091;
}

location / {

    # Proxy
    proxy_pass http://app_servers;
    proxy_pass_header Server;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;

    # WebSocket support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

Hope it helps! Cheers!