Browser Content Redirection

[doggatas]

Hi

 

We're currently on LTSR 7.15 but really like/need the BCR feature of 7.16 onwards.

 

I've setup a test environment using 1808 and I can get the content redirection work perfectly when I manually set our proxy in IE 11, but when using a proxy pac file, a websockets error is displayed in debugging window of developer tools: (worth noting I am only testing with youtube.com at the moment).

 

[HdxVideo.js] doRedirection(): exception connecting to WebSocket: SecurityError

 

I've tried many different pac file filters to send the websocket connection (https://127.0.0.1:9001) directly instead of via proxy. 

 

Anyone configured this feature while using a PAC file for proxy settings?

 

Regards,

David

 

 

[doggatas]

Hi,

 

I have resolved my issue. The detection of intranet sites was causing the error. The below settings is what makes it work with a PAC file. Not too sure of the impact, I guess it would mean I would need to add any Local Intranet sites to the Local Zone manually (that need it).

 

Regards,

David

[Fernando Klurfan1709153904]

HI David

 

this is caused by IE11 and the way the security settings and Trusted Sites are handled under Internet Options-->Security.

Two questions for you:

1-Are your IE security zones configured in any special way?

2-How is your pac file configured to handle 127.0.0.1?

 

Internet Explorer automatically assigns all websites to a security zone: Internet, Local intranet, Trusted sites, or Restricted sites. Each zone has a different default security level that determines what kind of content might be blocked for that site. Depending on the security level of a site, some content might be blocked until you choose to allow it

 

If you try to browse to https://127.0.0.1:9001/ do you get a "Success!" ?

Our javascript HdxVideo.js must be able to open a wss secure websockets connection to that service in the VDA running in localhost.

If IE's settings prevent that (seen as WebSocket: SecurityError in the Developer Tools Console)  then everything fails.

I know there is an option under Internet Options --> Connections --> LAN Settings --> Proxy Server --> Bypass proxy server for local addresses that could be ticked and bypass your proxy - if HdxVideo.js is forced to go through a proxy for contacting 127.0.0.1:9001, it will never be able to communicate with our WebSocketService.exe in the VDA.

 

 

 

[doggatas]

Thanks for the reply.

 

I have placed YouTube, ws://127.0.0.1:9001, wss://127.0.0.1:9001 and https://127.0.0.1:9001 in the trusted zone of IE as per the browser content redirection troubleshooting KB article. This is configured using GPO site to zone list setting. 

 

I have told 127.0.0.1 and 127.0.0.1:9001 to go direct in the pac file many different ways. With the pac file enabled in IE i can navigate to https://127.0.0.1:9001 and i get the success, so this tells me the pac file is doing its job and sends the request direct. It just does not do it when going to YouTube. I've disabled server render and fetch so all i get is a grey background with a red "no" circle sign where the video should be playing.

 

Edited September 30, 2018 by david2510
Added info

[Fernando Klurfan1709153904]

HI David,

can you go to Developer Tools -> Console and type:

 

var exampleSocket = new WebSocket('wss://127.0.0.1:9001');  exampleSocket.onmessage = function(messageEvent) { console.log(JSON.stringify(messageEvent)); };

 

wait a few seconds and then type:

 

exampleSocket.readyState

 

The expected output from the 2nd line, is

1

which indicates that the WebSocket connection was successfully formed. We need to understand if there is anything preventing wss communications.

 

 

 

0 (CONNECTING)

The connection is not yet open.

1 (OPEN)

The connection is open and ready to communicate.

2 (CLOSING)

The connection is in the process of closing.

3 (CLOSED)

The connection is closed or couldn't be opened.

[doggatas]

Thanks so much for the reply, if you're a Citrix employee I do have an open ticket to which I can supply the ticket no.

 

I tried the first line of code and that returns SecurityError and of course second line of code returns undefined - no surprises there.

 

I removed proxy pac file configuration and sure enough commands work as you describe. This is good though. Those couple of lines of JS in the console will make my troubleshooting so much quicker. I will try all my different pac file tricks to send the wss/ws protocol DIRECT, very easy to test now. I should have realised I could copy the "new WebSocket" code from HDXVideo.JS and paste into browser console.

 

Edit: now armed with this test, I tested with chrome (the console commands) and it can connect to the sockets using chrome + pac file proxy settings. Which would indicate a setting in IE needs to be tweaked?

 

Thanks so much.

 

Regards,

David

[Dmitrij Lejkin1709155074]

Hello,

have you solved this problem? can you please write the solution

 

Regards

Dim