User profile for user: alex-ya
alex-ya Author
User level: Level 1
5 points

[blocked] The page at https:// was not allowed to run insecure content from ws://127.0.0.1:12345/.

msOS 12.3.1

safari: Version 15.4 (17613.1.17.1.13)


I am a software engineer and developing a tool on macOS platform. We have a website (which has not been published to public and will be soon), e.g. **** There is a button in the website, clicking it will launch an app installed in the local macOS through web socket connection.

But when I click the button, it fails to work. In the safari browser console log, it tells me the error.


This functionality works fine on both Chrome and Edge browser. I wonder if there is some security settings or policies preventing this. Or I need to add some special code to make it work.


any help will be much appreciated.


errors in the console log of safari:

[blocked] The page at **** was not allowed to run insecure content from ws://127.0.0.1:12345/.


[Link Edited by Moderator]

MacBook Pro

Posted on Aug 3, 2022 6:03 PM

Reply

Similar questions

10 replies
User profile for user: MrHoffman
MrHoffman
User level: Level 10
151,473 points

Aug 7, 2022 8:54 PM in response to alex-ya

alex-ya wrote:

added more information:

from the doc, it looks like that safari doesn't support mixed content.
https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content


Mixed content is certificates is wss:// is the entirety of what has been reporting here; the requirement for secure access and possibly the use of self-signed trusted certificate. This is what we have been discussing here. Mixing http content on an https page is prone to exploitation.

Reply
User profile for user: alex-ya
alex-ya Author
User level: Level 1
5 points

Aug 3, 2022 10:48 PM in response to MrHoffman

I don't understand why it can work from the link you mentioned. If I enable the webSocketSecure, I also need to provide a certificate. 


-useWebSocket, servers will start as websocket server if this is true
-webSocketSecure, if servers start as websocket server, it will start in secure mode if this is true
-webSocketCertPath, path to certification file which its extension is .pfx, it is required if webSocketSecure is true
-webSocketCertPassword, password for the certification file (.pfx).


Our product including website and app will be released to customers, is that 'private' certificate issued to a 127.0.0.1 address can be released?


Reply
User profile for user: alex-ya
alex-ya Author
User level: Level 1
5 points

Aug 3, 2022 6:18 PM in response to MrHoffman

No, not http or https resources directly. My code will create a websocket, e.g.


const url = `ws://${this.host}:${this.port}`;

this.webSocket = new WebSocket(url);


after installing our app on local macOS, it will install an agent as well. so, in the browser, clicking the button will try to connect to the agent and awake it, then the agent will launch our app.


I don't know how zoom.us or Microsoft teams approach that. We just used this webSocket solution. Both Chrome and Edge can work, but Safari failed.



Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

[blocked] The page at https:// was not allowed to run insecure content from ws://127.0.0.1:12345/.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up