Safari 10 (on macOS Sierra at least) rather sensitive regarding websockets, just like iOS 10 is:
Refused to connect to ws://domain/websocket because it does not appear in the connect-src directive of the Content Security Policy.
3 Likes
Thanks for the heads-up. I am using Meteor’s browser-policy package, and this seems to clear up the errors reported in the Safari 10 console (at least on Safari 10.0 running on OS X 10.11.6):
BrowserPolicy.content.allowConnectOrigin("ws://localhost:*");
BrowserPolicy.content.allowConnectOrigin("wss://my.domain.com:*");
Note:
- I tried using
BrowserPolicy.content.allowConnectSameOrigin(), but that doesn’t work ( I guess because of the different scheme … wss instead of https) - Safari seems to want the port specified in the policy also. It does not work if I leave out the ‘
:*’ suffix. - Looks like it also needs an entry for running my app on my local machine in dev mode too (hence the
ws://localhost:*line above) !
3 Likes
Thanks for the heads up. Got this fixed immediately <3