Hya,
I'm running a socket.io server in a NodeJS enviroment under HTTPS. The js Code which calls my app to start the communication with my socket.io server runs on a sharePoint 2013 instance (Office 365).
If I visit my page in Chrome or Firefox everything works perfectly fine. In iE10 I get the following waring from the socket.io client in the console
SCRIPT5: Access is denied.
socket.io.js, line 1641 character 9
which is the following line
xhr.open('GET', url, true);
It seems that either the iE or the IIS from the SharePoint assumes an XSS while using jsonp/xhr - polling. The configured transports are
in that order. We use
Just for testing purposes I just set
io.util.ua.hasCORS = false;
on line 1626 which helps, but leads of course to a security warning allá
SEC7130: Potential cross-site scripting detected
Does anyone know what I'm doing wrong or what is the problem here? Thanks in advance!
edit after I did some more research I found the following discussion on googleGroups. Also I commented my GitHub Issue
Fixed! The solution is that you have to add a p3p header bevor you send the cookie. The header should look something like that
res.setHeader("p3p", "CP=\"COM CNT DEM FIN GOV ONL OTC PHY ALL DSP NID OHO CUR OUR BUS IND LEG NOR STP\"");
Set a break point on the line and check the url. My app runs in http://www.localhost/(...) and the url was http://localhost/(...).
Before
var socket = io.connect('http://localhost:4000', { query: "fk="+my_id });
After
var socket = io.connect('http://www.localhost:4000', { query: "fk="+my_id });
Regards.