For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error:
WebSocket connection to 'wss://web.my-app.convox/socket/websocket?userToken=726&vsn=1.0.0' failed: Error during WebSocket handshake: Unexpected response code: 403
I have also tried ws:// instead of wss:// and got the same result.
I used to have BasicAuth running in my app, but I have removed it.
My user_socket.ex file is as follows:
defmodule MyAppWeb.UserSocket do
use Phoenix.Socket
## Channels
channel "vw:*", MyAppWeb.VowpalWabbitChannel
## Transports
transport :websocket, Phoenix.Transports.WebSocket, check_origin: false
def connect(_params, socket) do
{:ok, socket}
end
def id(_socket) do
nil
end
end
What can i do to connect to my websocket in a non-dev environment?
I’m not sure if there is any significance to url: [host: "example.com", port: 80], – I’m just running the app on some random AWS domain at the moment.
Would adjusting anything in this file help resolve the 403 I’m getting when trying to connect via websocket?
Ultimately I will want this app to be accessible via websockets from multiple domains – at least a dozen or so – do I have to list all these domains somewhere?
You probably want to set the check_origin option. By default I believe its whatever protocol, host, and port you set your host to. You’ll need to add any additional hosts to it there.
Yep, i missed that in your earlier message. Those are the only places you’d need to set it AFAIK. If its still an issue you’ll probably want to try to create a minimal reproduction repo and post a link here or ask on the slack phoenix channel.
Looking at your error, if you’re getting a 403 it may also be your authentication mechanism. Have you got any plugs like guardian that might be returning the 403 before your socket authenticates? You said earlier that you’d removed the Basic auth, so if that’s your only authentication you probably shouldn’t be getting a 403.
From a security perspective, I would defintely not recommend disabling the origin check. It’s there for a reason, and disabling it to “just make it work” isn’t the right way to go.
IF your issue has to do with the origin, make sure to provide a whitelist of allowed origins, instead of completely disabling the check.
Did you ever solve this? I am having the same problem. Websocket works on localhost but get 403 Forbidden when deployed on DigitalOcean in a Docker container.
@jononomo I just ran into this too. The way I fixed it is to use the check_origin option as suggested above, but instead of setting it false set it to a list of domains like