Delphi 10.4.2, TMS Web Core 1.6.2.0
I created a simple websockets server (with node.js) which runs on a Linux server (in the internet, not in the local network) and which handles upgrading to SSL.
I understand that the websocket component chooses ws:// or wss:// according to the app hosting because of security polices.
When writing a simple client application with Web Core, which only connects to this server, sending a message to it when pressing a button and disconnects when pressing another button, the following happens:
a) When running as a normal TMS Web Application from the local TMS Server, it connects (running from http://, so handling the upgrade from ws:// to wss:// correctly)
b) When running from another internet server, it connects (using wss:// immediately)
c) When creating an Electron client app with this simple logic, it does not connect. In debug version the browser console says:
WebSocket connection to 'ws://myserver:12345/' failed: Connection closed before receiving a handshake response
So what's the difference in Electron compared to a "normal" Web Core app?
Also, the console in the Electron app says this on start:
Electron Security Warning (Insecure Content-Security-Policy) This renderer process has either no Content Security
Policy set or a policy with "unsafe-eval" enabled. This exposes users of
this app to unnecessary security risks.
It looks like the websocket path is constructed in a way that in Electron it concatenates the path to the project.html file after the url. Can you try setting the PathName property to /?
Hello Tünde,
yes, I saw this already and did what you proposed already before my post. But id didn't change the behaviour.
Now I edited the file WEBLib.WebSocketClient.pas and changed the lines in function TSocketClient.GetWebSocketPath: string; where the protocol is set, in a way, that always 'wss://' is used. This works!
So I think, not only for workaround purpose, it would be nice to have a property in TWebSocketClient with which you could force it to use SSL. (Or something like: property Protocol: (Automatic, ForceWSS)).
Another question: Is it safe (regarding Web Core) to update Electron? (I have Ver. 8.0.0 installed.)
We will consider your suggestion about introducing a property like that.
Normally it should be safe to update, however we did not test against the newly released Electron v12 yet. I expect Electron v11 to be fine but if you try Electron v12 and run into issues then let us know.
a) when updating Electron from 8.0.0 to 11.3.0, the WebSocket connect now works when using the standard logic (i.e. the connection is ws://xxx).
b) when updating Electron to latest version (12.x.y), the app does not run because of the error "required() is not defined" when executing the line
NJS_OS:=TNJSOS(Require('os'));
in the initialization part of nodejs.pas.
Maybe it's the problem which is described here:
Someone there tells about breaking changes from Electron 11 to 12 which may cause this.
Thank you for the detailed response, we added an improvement to Electron project creation. If you wish to keep using Electron v12, you can add contextIsolation: false to your main.js file, right after the nodeIntegration option.