Unsecure Websocket connection breaks loading BCMS pages in NCBI production
We have deployed BCMS in NCBI production environment, https://bcms.ncbi.nlm.nih.gov/. Page loading breaks with browser errors like "Mixed Content: The page at '' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://bcms.ncbi.nlm.nih.gov/subscriptions'. This endpoint should be available via WSS."
To allow loading BCMS pages, I had to add https://bcms.ncbi.nlm.nih.gov/ to the list of sites with insecure content, see This is not acceptable from security standpoint and may be difficult to explain to end users.
Please change WSS url to use HTTPS, i.e. wss://bcms.ncbi.nlm.nih.gov/subscriptions. Another option is to make it configurable, so that developers can run the app locally over regular HTTP.
[kireeve@pdev21 bcms]$ grep -r ws:\/\/ *
node_modules/@coko/server/src/graphqlApi.js: subscriptionEndpoint: `ws://${host}/subscriptions`