websocket authentication

[robl]

Hi All, per the websocket docs, I placed the websocket sample file onto ISY and it works when I run http://isy.laddish.net/user/web/mydir/websock.htm

I have my own rPi apache server used for more complicated things. I'd like to load html page with complex JS that auto-update to changing events, and it seems websockets would be perfect. 

But ... I'm hung up on authentication. It seems that since the source of the HTML matters, even though it's running in my tablet. If the source html file comes from ISY, it looks to work, if from somewhere else, it fails. There is a big section in the docs for an Apache proxy server to ISY. Seems overkill to me, I don't want to tunnel requests through apache to ISY, I simply want to call ISY directly from a client on the local LAN and authenticate.

Has anyone else found a simple way to authenticate to isy for web sockets? Or is the apache proxy a must to make this work?

Thanks!

Rob

[MWareman]

Thre are no websocket client libraries that allow authentication to be added. It’s not an ISY limitation - but a JavaScript/websocket limitation.

The only ‘solution’ is to host the html on the same hostname that the websocket connection will be made to - and rely on the browser passing a cached credential when connecting the websocket after prompting the user for authentication in the main browser session.

If not hosting the html on ISY, then a reverse proxy is needed to cause the browser to see both under the same host name.

[robl]

@MWareman, thank you for the great explanation. Seems like a gap to me in the standard. I'd hope there would be workarounds where ISY could host a javascript file that creates the websocket, and then include that from my rPi dynamic html, but imagine even if it does work, it'd likely run afoul of the cross-site scripting checks. 

For me it's very dynamic content, html created from a perl script, after it's read all my ISY devices, and formatted the output into custom report tables. Beyond the capabilities of ISY. I sometimes wish ISY ran on a rPi open platform.  

I'll check out the reverse proxy, thank you for your help!

[MWareman]

One of these days I’ll learn Angular/JS. It would be a *perfect* framework to write an HTML5 admin console replacement with.

[larryllix]

7 hours ago, robl said:

@MWareman, thank you for the great explanation. Seems like a gap to me in the standard. I'd hope there would be workarounds where ISY could host a javascript file that creates the websocket, and then include that from my rPi dynamic html, but imagine even if it does work, it'd likely run afoul of the cross-site scripting checks. 

For me it's very dynamic content, html created from a perl script, after it's read all my ISY devices, and formatted the output into custom report tables. Beyond the capabilities of ISY. I sometimes wish ISY ran on a rPi open platform.  

I'll check out the reverse proxy, thank you for your help!

UDI reported they investigated using an RPi for ISY in the future but there are some licensing concerns that inhibited the idea from developing any further. It seems RPi isn't as open as people think.

[DrLumen]

4 hours ago, larryllix said:

UDI reported they investigated using an RPi for ISY in the future but there are some licensing concerns that inhibited the idea from developing any further. It seems RPi isn't as open as people think.

RPi as a closed system or UDI not wanting to go open source?

[larryllix]

6 hours ago, DrLumen said:

RPi as a closed system or UDI not wanting to go open source?

ahhhhh..Good point! Never thought of it that way.

[Michel Kohanim]

DrLumen,

UDI has NO plans of open sourcing ISY.  Polyglot is open source.

RPi, they do not send you the schematics unless you agree to purchase thousands upon thousands of chips.

With kind regards,
Michel