Question

Using SignalR 0.53 and self-hosting with OWIN, I was able to have an HTTPS client connect successfully to a non-HTTPS localhost port.

I have now upgraded to SignalR 1.1.2.

I have enabled cross-domain have have non-HTTPS clients connecting successfully. However, now it seems that an HTTPS client will be blocked.

Note: I also have to use IE10. This appears in the console:

SEC7111: HTTPS security is compromised by http://localhost:9100/signalr/hubs

An alert with "SignalR: Error during negotation request: undefined" is displayed.

How can I remedy this?

Était-ce utile?

La solution 2

Managed to find a fix in the end. The security issue was a red herring. Under normal circumstances on IE10 it will use jsop and give this message:

"SignalR: Using jsonp because this browser doesn't support CORS"

However, with this particular client this was not happening. Specifying the use of jsonp explicitly when connecting fixed the issue.

$.connection.hub.start({ jsonp : true },function () { ...

Autres conseils

This is just standard mixed-mode connection blocking. When you're on a page that is HTTPS, all the resources from it should be HTTPS or else you could be tricked into sending data in the clear even though you're thinking you're on a secure page. So the browser (IE at least) is protecting you by not allowing this form of mixed-mode communication. If your page is HTTPS, your SignalR connections will also need to be HTTPS.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top