[HTML5] WebSockets over TLS


#1

Hi there!
So I’m making a f2p game for russian social network (vk.com) and it’s demanding a secured connection. Since I can’t communicate with JS through Defold (and I need it to enable payments via VK JS API) I’ve figured I can use websockets to tie together server, vk and Defold. The problem is that the only viable websocket example I’ve found (https://github.com/britzl/defnet) doesn’t support wss protocol :frowning:
I know there are wss solutions in Lua out there, but I’m pretty new to this language and it’s package system so I have no idea how to integrate it into Defold’s environment. Could someone please give me some guidance?

Or maybe there is a way to do this without websockets or constantly spamming http requests?


#2

LuaWebsocket which I based my websocket example on has support for secure websockets, but only if the version of Lua used includes luasec. Now, Defold doesn’t include luasec, but with our new Native Extension support it would be possible to add luasec as an extension.

Could you please describe what exactly it is you wish to do? You’re doing an HTML5 game and you need to use a VK JS API? How did you plan to use websockets?

We will very soon add support for Javascript native extensions which when we have it in place would probably be a better solution for you to integrate the VK JS API.


#3

Well to make any purchase in a game you must use vk’s own currency. So I need it’s API to start purchase process.
After successful transaction vk sends request to my server where I confirm that everything is ok.
Last step - show to user the stuff he bought and it must happen right away. This is where the struggle begins.
I can’t (at least for now) tell Defold that is time to ping server for possible new information (and I don’t want to send requests every other second), so I figured that websockets could solve the problem.

But this last part about Javascript native extensions sounds like exactly what I need!


#4

Indeed. I believe your best bet is to wait for this. We’re currently working on the Java support for Native Extensions on Android and I’m guessing that Javascript will be coming after that. @Mathias_Westerdahl and @sven will be able to tell you more.


#5

For HTML5 + SSL/WSS, it seems it won’t be that easy to achieve this seamlessly.

Currently, when loading the page from an "https://" URL, the client tries to connect to "ws://hostname:443", which results in "Mixed Content error".

Mixed Content: The page at 'https://...' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://...:443/?colyseusid='. This request has been blocked; this endpoint must be available over WSS.

(created an issue on defold-websockets project about this)

In a pull-request I’ve sent to emscripten, they explain that the default WebSocket protocol can be changed either at compile-time, or runtime. Here’s the detailed comment from a maintainer.

As a workaround, for now, you can search in your final ".js" build for:

var url="ws:#".replace("#","//")

And replace it with:

var url="wss:#".replace("#","//")

I hope this can help the Defold team to address this somehow :slight_smile: