[erlang-questions] Recommendations for secure websocket + fallbacks

Maas-Maarten Zeeman <>
Sat Jan 30 21:59:10 CET 2016

Having to do cross-domain connections the easiest thing you can do is insert an communication iframe on the page and use the postMessage api between the page and your communication iframe. That is by far the easiest way to deal with this.

As for experience with websockets. There are a couple of issues you will encounter in the real world. There are a browsers who don’t support websockets. Mainly IE < 11, usually found in corporate environments. If you have to serve these kind of clients you need a long-polling fallback mechanism. There could also be issues with proxies, which you can also typically find in corporate environments or mobile providers. Usually those problems can be avoided  by running the websocket over ssl. Be aware that some mobile providers even block long-polling and mobile safari doesn’t support long-polling. 

Another possibility is using SSE for server to client push messages and use ajax for client to server messages. But sometimes this also doesn’t work. I’ve found some windows virus/firewall products which block SSE streams.

When using a long-polling + ajax fallback you have to be aware that client -> server messages don’t always arrive in sequence. Ajax requests can also be cancelled and don’t arrive at all. You need a mechanism to deal with this. In zotonic we have automatic retransmissions to deal with situations like these.

So it can be quite a puzzle to get websockets and fallbacks working reliably. It all depends a bit on what your needs are.


More information about the erlang-questions mailing list