Skip to content

fix: use wss:// for WebSocket on HTTPS pages#22

Merged
adnaan merged 1 commit intomainfrom
fix/websocket-scheme-detection
Mar 15, 2026
Merged

fix: use wss:// for WebSocket on HTTPS pages#22
adnaan merged 1 commit intomainfrom
fix/websocket-scheme-detection

Conversation

@adnaan
Copy link
Contributor

@adnaan adnaan commented Mar 15, 2026

Summary

  • Fixed WebSocket URL always using ws:// regardless of page protocol
  • On HTTPS pages, browsers block mixed-content WebSocket connections with SecurityError
  • Now detects window.location.protocol and uses wss: for HTTPS pages

Root Cause

transport/websocket.ts:206 always constructed:

return `ws://${window.location.host}${liveUrl}`;

Behind TLS-terminating reverse proxies (Fly.io, Cloudflare, AWS ALB), the page loads over HTTPS but the client tried to open a ws:// WebSocket — browsers reject this as mixed content.

Fix

const wsScheme = window.location.protocol === "https:" ? "wss:" : "ws:";
return `${wsScheme}//${window.location.host}${liveUrl}`;

Test plan

  • All 213 client tests pass
  • Verified with chromedp E2E test against Fly.io deployment (HTTPS → wss:// → WebSocket connected)

🤖 Generated with Claude Code

@adnaan @claude
fix: use wss:// for WebSocket on HTTPS pages
b9722c4 
The WebSocket URL was always constructed with ws:// regardless of the
page protocol. On HTTPS pages, browsers block mixed-content WebSocket
connections with a SecurityError, making LiveTemplate non-functional
behind any TLS-terminating reverse proxy (Fly.io, Cloudflare, AWS ALB).

Now detects window.location.protocol and uses wss: for https: pages.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 15, 2026 06:30
@claude
Copy link

claude bot commented Mar 15, 2026

Review:

The fix is correct and necessary. Hardcoding ws:// would cause mixed-content errors and connection failures when the page is served over HTTPS — browsers block insecure WebSocket connections from secure pages.

The scheme detection logic (protocol === "https:" ? "wss:" : "ws:") is the standard approach and handles both cases properly.

No issues. LGTM.

Copilot AI reviewed Mar 15, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes WebSocket connections failing on HTTPS pages due to mixed-content blocking by dynamically selecting wss: or ws: based on the page protocol.

Changes:

  • Replace hardcoded ws:// scheme with protocol-aware scheme selection for WebSocket URLs

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@adnaan adnaan merged commit 398f752 into main Mar 15, 2026
10 checks passed
@adnaan adnaan deleted the fix/websocket-scheme-detection branch March 15, 2026 06:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adnaan