Websocket: WSS instead of WS if page is accessed via HTTPS #2937
Conversation
Prevents mixed content errors in the browser by selecting WSS or WS for the websocket depending on the page's scheme (HTTPS or HTTP).
|
Hi @sfeilmeier, I just upgraded my FEMS system to version 2025.1.2 but this fix is not being used. Instead, the backend URL is still built statically with unencryted |
Are you sure it is using ws:// to Backend? This is from my FEMS and i guess it is either local EDGE to UI or the config does not reflect the wss:// to Fenecon.
|
|
Hi @Sn0w3y, I think WS is the preferred way here. WSS is added via e.g. nginx proxy functionality. This has several advantages, e.g. minimisation of attack surface, more up to date security fixes. Easier certificate handing,... |
|
Hi @clehne - this is just a Snippet (Screenshot) from a FEMS we have in our Account :D |
|
@helgeklein: OpenEMS UI uses themes for different production stylings. OpenEMS only has |
|
@Sn0w3y The However, my issue (and fix) are about something different: they're about how the JavaScript code in the browser talks to the Fenecon device in my house. And that latter communication is still happening unencrypted via WS. |
Thanks, @sfeilmeier. How can the URL template be changed in the theme used by Fenecon? |
|
Hi @sfeilmeier, will the Fenecon theme be updated to include this change? |
Prevents mixed content errors in the browser by selecting WSS or WS for the websocket depending on the page's scheme (HTTPS or HTTP).
This fixes the problem described in issue 2396.