Login at Kodi Home

anatoly314 · 2020-06-24, 12:23

Is it possible to use websockets in a secure way, by wss//... not ws//... ?
I have developed a remote control web-based app, it uses WebSocket and when site hosted on HTTPS it complains about mixed content when I try to connect to WebSocket in an insecure way by using ws//...

More detailed question posted on StackOverflow: https://stackoverflow.com/questions/6255...tent-issue
Thank you in advance.

victmo · 2020-08-16, 22:41

I'm also wondering the same thing. I'm surprised that a quick google search didn't returned anything related to this question.
Has anyone had any luck with this?

anatoly314 · 2020-08-16, 23:16

(2020-08-16, 22:41)victmo Wrote: I'm also wondering the same thing. I'm surprised that a quick google search didn't returned anything related to this question.
Has anyone had any luck with this?

I'd say that it's rarely required and not quite possible to do due to certificate issues. You should be able to import your own certificate otherwise it's meaningless.

victmo · 2020-08-17, 00:42

(2020-08-16, 23:16)anatoly314 Wrote:
(2020-08-16, 22:41)victmo Wrote: I'm also wondering the same thing. I'm surprised that a quick google search didn't returned anything related to this question.
Has anyone had any luck with this?

I'd say that it's rarely required and not quite possible to do due to certificate issues. You should be able to import your own certificate otherwise it's meaningless.

I agree with it being rarely required but I'd like to know if given my own valid cert if it would be possible to use wss...
Currently, Kody doesn't even responds to my wss connection requests ¯\_(ツ)_/¯

PayneEdward · 2021-02-17, 16:25

Anything is possible, the key that a lot of developers miss is to test the security of websockets, it's something that the majority fails to understand. All the vulnerabilities of a websocket must be treated with high priority and that's a fact, non-negociable. I've been working for the past year in a company that deals with websocketing and the fact that they don't test the possible vulnerabilities is driving me mad. I'm actually thinking about scheduling a meeting with a project manager to talk about this, cause I actually care about the quality of the web applications we develop.