Websocket error 403 with Safari

Stefan356 · July 29, 2020, 10:37pm

Hi there

I am developing a card playing game and things work fine in Google Chrome. When I open the app in Safari, I get the following error

[Debug]
 Invoking executeWebSocket, using URL: ws://server.jasse.ch:8080/jass/?v-r=push&v-uiId=1&v-pushId=fa9c11d9-be01-41c4-81fa-a5ae65393f99&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.3.2.vaadin1-javascript&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&Content-Type=application/json; charset=UTF-8&X-atmo-protocol=true (vaadinPush-min.js, line 1)

[Error]
 WebSocket connection to 'ws://server.jasse.ch:8080/jass/?v-r=push&v-uiId=1&v-pushId=fa9c11d9-be01-41c4-81fa-a5ae65393f99&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.3.2.vaadin1-javascript&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&Content-Type=application/json;%20charset=UTF-8&X-atmo-protocol=true' failed: Unexpected response code: 403

I use Spring integration with this config:

protected void configure(HttpSecurity http) throws Exception {
	http
			.authorizeRequests()
					.antMatchers("/jass/**").hasAnyRole(JASSE_MODERATOR_ROLE, JASSE_BETA_TESTER_ROLE)
			.and().formLogin()
			.and().csrf()
					.disable()
	;
}

Am I missing some websocket related security configuration? But if yes, why does everything work with chrome (and firefox)?

Stefan356 · August 1, 2020, 12:50pm

I have now prepared a test user to see the error in action on my beta test access: http://www.jasse.ch/vollbild/html

username: vaadin_forum_text_user
password: vaadin rocks

In Chrome I see the login form (and the app works fine)
In Safari there is an error in the dev console