Vulnerability in EPiServer.Forms
After an upgrade to EPiServer.CMS.UI 9.4.0 I get the following error message in edit mode.
A real-time connection could not be established with the server. This may be caused by incorrect configuration. Please see the User interface section in the user guide for further information.
The console shows the following error:
WebSocket connection to 'ws://moderna.local/EPiServer/Shell/socket/endpoint/' failed: Error during WebSocket handshake: Unexpected response code: 200
I have followed the steps explained here to no avail: http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/User-interface/websocket-support/
WebSocket Protocol was not activated for IIS.
So in case you have the same problem the just go to "Turn Windows features on or off" and activate "WebSocket Protocol" under "Internet Information Services/World Wide Web Services/Application Development Features"
I've updated the WebSocket support document you mentioned and included a part how to install WebSockets protocol.
Thanks for pointing that out.
There's a good blog post by Eric Pettersson about fixing this problem: http://world.episerver.com/blogs/Eric-Pettersson/Dates/2016/2/fixing-the-websocket-protocol-support-issue-when-upgrading-to-episerver-ui-9-4-0/
I've looked at the exception description you posed and it seems like an infrastructure issue (WebSockets settings in Azure) not a code related bug. My guess is the connected client (an editor) is either disconnected or become unreachable (a sudden refresh of the page) but server is still holding down her reference. Can you confirm that the WebSockets and EPiServer real-time communcation had been working for you till you upgraded to 9.6+? Or is that this is the first time you upgraded to WebSockets?
I do in fact have the WebSockets setting enabled in Azure. To provide additional information, these errors are *caused* by a user that only has access to a new EPiServer Service API endpoint. The service API method is making changes to Commerce content within the site. Knowing that EPiServer 9.X+ uses WebSockets to send real-time messages to users in the editing interface regarding changes, I assume the commerce changes being made are causing notifications to attempt to be sent to users in the editing interface. Why there are failing I cannot determine, as no other Web Socket errors are being thrown aside from ones generated by the Service API user.
I tested commerce solution with EPiServer Service API endpoint and couldn't see any exceptions/logs which you're having for WebSockets. I also found that until you specifically request the Realtime store (../socket/endpoint), the Service API client doesn't connected to WebSockets at all. So i'm curious how your client gets hooked up with WebSockets, is it possible for you to send me code which has Service API end point? The only way for a user (client) to get connected to WebSockets is via edit mode (since we've realtime stores which request socket endpoint). There is also a bug created for this and you can have a look at it.
To clarify, there's no connection between the service API user with WebSockets.
The issues appears to be when an actual editor is subscribed to changes via WebSockets inside edit mode while a background Service API user is making changes. The reason I believe this is: The editor has accessed/edited the commerce file before, and the error (in Elmah) is logged under the Service API user's name.
The bug has been created for this issue and the fix is in review now. Once its shipped in coming weeks, you've to test the scenario and let me know if that fixes the issues you've.