WebSocket communications can either take place over the ws://
protocol or the wss://
protocol. They can be thought of in similar terms to the HTTP and HTTPS protocols in that one is secure and one isn't. Secure WebSockets are encrypted by the transport layer, so they are safer to use when handling sensitive data. The main feature of HTTPS (and wss) is that socket is encrypted from client to server, so if we're in the same network and we try to sniff the content, we won't see anything legible.
If your application uses the HTTPS
protocol, you will also need to use the wss
protocol for your WebSockets. Many browsers do not allow un-secure content when they use HTTPS.
In this recipe, we will learn how to force our Socket.IO communications to happen over the wss://
protocol for an extra layer of encryption.