Hya,
I'm running a socket.io server in a NodeJS enviroment under HTTPS. The js Code which calls my app to start the communication with my socket.io server runs on a sharePoint 2013 instance (Office 365).
If I visit my page in Chrome or Firefox everything works perfectly fine. In iE10 I get the following waring from the socket.io client in the console
SCRIPT5: Access is denied.
socket.io.js, line 1641 character 9
which is the following line
xhr.open('GET', url, true);
It seems that either the iE or the IIS from the SharePoint assumes an XSS while using jsonp/xhr - polling. The configured transports are
- 'jsonp-polling'
- 'websocket'
- 'xhr-polling'
in that order. We use
- SocketServer 0.9.16
- SocketClient 0.9.11
Just for testing purposes I just set
io.util.ua.hasCORS = false;
on line 1626 which helps, but leads of course to a security warning allá
SEC7130: Potential cross-site scripting detected
Does anyone know what I'm doing wrong or what is the problem here? Thanks in advance!
edit after I did some more research I found the following discussion on googleGroups. Also I commented my GitHub Issue
