Skip to content

Allow wss:// connections to MQTT broker in CSP connect-src#7205

Merged
cstns merged 3 commits into
mainfrom
csp-allow-mqtt-wss
May 6, 2026
Merged

Allow wss:// connections to MQTT broker in CSP connect-src#7205
cstns merged 3 commits into
mainfrom
csp-allow-mqtt-wss

Conversation

@cstns
Copy link
Copy Markdown
Contributor

@cstns cstns commented May 6, 2026
edited
Loading

Description

  • Browsers were blocking wss://mqtt.flowfuse.cloud connections because the broker host was added to connect-src without a scheme. Per the CSP spec, a bare host inherits the protected page's scheme (https), so WebSocket upgrades to wss:// were rejected.
  • Explicitly allow both wss:// and https:// schemes for the broker host so the MQTT-over-WebSockets client can connect.

Related Issue(s)

closes #7206

Checklist

  • I have read the contribution guidelines
  • Suitable unit/system level tests have been added and they pass
  • Documentation has been updated
    • Upgrade instructions
    • Configuration details
    • Concepts
  • Changes flowforge.yml?
    • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
    • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production
  • Link to Changelog Entry PR, or note why one is not needed.

Labels

  • Includes a DB migration? -> add the area:migration label

@cstns cstns marked this pull request as draft May 6, 2026 11:47
@cstns cstns mentioned this pull request May 6, 2026
Closed
@cstns cstns marked this pull request as ready for review May 6, 2026 13:35
@cstns cstns requested a review from hardillb May 6, 2026 13:36
@codecov
Copy link
Copy Markdown

codecov Bot commented May 6, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 76.59%. Comparing base (341af46) to head (237d32d).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
forge/forge.js 66.66% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7205   +/-   ##
=======================================
  Coverage   76.59%   76.59%           
=======================================
  Files         405      405           
  Lines       20579    20580    +1     
  Branches     4975     4975           
=======================================
+ Hits        15762    15763    +1     
  Misses       4817     4817
Flag Coverage Δ
backend 76.59% <66.66%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@cstns cstns enabled auto-merge May 6, 2026 14:12
@cstns cstns merged commit f2665ec into main May 6, 2026
29 checks passed
@cstns cstns deleted the csp-allow-mqtt-wss branch May 6, 2026 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hardillb hardillb hardillb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CSP blocks wss:// connections to MQTT broker

2 participants

@cstns @hardillb