Websocket unauthorized 403 error

I’m having issues with ssl with websockets it’s returning a 403 status, I have a SPA (Single page app) on github pages that accesses my api in www.acacito.com, I think this is a problem of conf/prod.exs, any help is appreciated.

My prod file looks like this:

use Mix.Config

config :publit, Publit.Endpoint,
  http: [port: {:system, "PORT"}],#System.get_env("PORT")],
  url: [host: "www.acacito.com", port: 80],
  cache_static_manifest: "priv/static/manifest.json",
  # Distillery release config
  root: ".",
  server: true,
  version: Mix.Project.config[:version]

config :publit, Publit.Endpoint,
  secret_key_base: System.get_env("SECRET_KEY_BASE")

# Do not print debug messages in production
config :logger, level: :info

# Configure your database
config :publit, Publit.Repo,
  adapter: Ecto.Adapters.Postgres,
  username: System.get_env("DB_USERNAME"),
  password: System.get_env("DB_PASSWORD"),
  database: System.get_env("DB_DATABASE"),
  hostname: System.get_env("DB_HOSTNAME"),
  pool_size: 20,
  types: Publit.PostgresTypes

config :phoenix, :serve_endpoints, true

# arc
config :arc,
  storage: Arc.Storage.S3,
  bucket: "acacito"

# aws
config :ex_aws,
  access_key_id: System.get_env["AMAZON_KEY_ID"],
  secret_access_key: System.get_env["AMAZON_SECRET_KEY"],
  region: "sa-east-1",
  s3: [
    scheme: "https://",
    host: "s3-sa-east-1.amazonaws.com",
    region: "sa-east-1"

config :publit, :message_api, Publit.MessageApi
1 Like

I think I’ve ran into this issue in the past and the solution was to add the domain to the check_origin whitelist in /web/channels/user_socket.ex. It’ll look something like this.

transport :websocket, Phoenix.Transports.WebSocket,
  check_origin: [
    "//example.com", //replace this with your domain

Which domain should I use with a device running android or ios?

1 Like

I believe you can set check_origin: false to allow any domain, but I would make sure that I have some sort of authentication setup.

1 Like