Warning regarding macOS Sierra Safari 10 and websockets

Safari 10 (on macOS Sierra at least) rather sensitive regarding websockets, just like iOS 10 is:

Refused to connect to ws://domain/websocket because it does not appear in the connect-src directive of the Content Security Policy.

Thanks for the heads-up. I am using Meteor’s browser-policy package, and this seems to clear up the errors reported in the Safari 10 console (at least on Safari 10.0 running on OS X 10.11.6):



  • I tried using BrowserPolicy.content.allowConnectSameOrigin() , but that doesn’t work ( I guess because of the different scheme … wss instead of https)
  • Safari seems to want the port specified in the policy also. It does not work if I leave out the ‘:*’ suffix.
  • Looks like it also needs an entry for running my app on my local machine in dev mode too (hence the ws://localhost:* line above) !

Thanks for the heads up. Got this fixed immediately <3