commit f4440e6e8ea035e867a45846cc67bac5e5df95c2 Author: David Fifield david@bamsoftware.com Date: Tue Jun 5 22:10:18 2012 -0700
Use plain http (not https) in embed links.
Using https would be preferable, which is why I changed this to explicit https in 836b7a27. But I learned that Firefox doesn't allow making a plaintext (ws) WebSocket connection in an https page; you have to use wss instead, for the same reason you get mixed-content warnings.
https://bugzilla.mozilla.org/show_bug.cgi?id=662692 https://developer.mozilla.org/en/Firefox_8_for_developers#WebSockets https://developer.mozilla.org/en/WebSockets/Writing_WebSocket_client_applica...
I think that we can't use wss sockets because they would require each client to have a CA cert.
In the iframe link, I've left the protocol implicit, so it will use https if the page itself is https and http otherwise. This is to avoid using mixed content, but the badge won't work if the browser disallows the plaintext WebSocket.
The about:config setting that controls this is network.websocket.allowInsecureFromHTTPS. --- doc/websocket-transport.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/websocket-transport.txt b/doc/websocket-transport.txt index ad1eef5..cf46301 100644 --- a/doc/websocket-transport.txt +++ b/doc/websocket-transport.txt @@ -103,7 +103,7 @@ Examples
GET / HTTP/1.1\r\n Host: 192.0.2.1:80\r\n
-> Origin: https://example.com%5Cr%5Cn +> Origin: http://example.com%5Cr%5Cn
Sec-WebSocket-Version: 13\r\n Sec-WebSocket-Key: mzo2xSF9N8VUxuefqO0RSw==\r\n Connection: Upgrade\r\n
@@ -121,7 +121,7 @@ Examples
GET / HTTP/1.1\r\n Host: 192.0.2.1:80\r\n
-> Origin: https://example.com%5Cr%5Cn +> Origin: http://example.com%5Cr%5Cn
Sec-WebSocket-Version: 13\r\n Sec-WebSocket-Protocol: base64\r\n Sec-WebSocket-Key: k5Ybhw0XBDeBfmda1J9ooQ==\r\n