I discovered that if a user is connected to the chat (web socket), the second line in wss://example.com/socket.io returns the “token” message with all user ids and appIceServer credentials (from the server-side option file) (these are TURN servers with username and password). What is the point of these credentials if they are public like this:

....,"iceConfig":{"iceServers":[{"urls":["stun:example:1234"]},{"urls":"turn:example:1234","username":"test","credential":"123456"},....

The file that generates that response:

https://github.com/open-easyrtc/open-easyrtc/blob/master/lib/easyrtc_default_event_listeners.js

(search for tokenMsg)

I can remove these parts from the file, but then the TURN servers are not used; removing does not seem to be the solution.

LIVE DEMO I FOUND: https://www.treatfield.com:8443/demos/demo_instant_messaging.html

(inspect WS)

The Node server file is here: https://github.com/open-easyrtc/open-easyrtc/blob/master/server_example/server_ssl.js (the other one is server.js (http))

How to avoid this? What’s wrong with this? Is this normal?
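A browser has to receive a TURN username and credential to use the relay, so the usual mitigation for the exposure described in the post is to hand out short-lived, per-user credentials instead of one static pair. The sketch below is an added example, not code from the post or from EasyRTC: it derives a time-limited credential with the shared-secret (TURN REST API) scheme and shows the check the TURN server performs. It assumes a TURN server configured for shared-secret authentication (for example coturn with `use-auth-secret`); the secret, URLs and function names are constructed for illustration, and wiring the result into EasyRTC's token message is not shown.

```javascript
const crypto = require("crypto");

// Constructed sample values. The secret must match the one configured on the
// TURN server and must never be sent to clients.
const SHARED_SECRET = "constructed-demo-secret";
const STUN_URL = "stun:example:1234";
const TURN_URL = "turn:example:1234";

// username   = "<unix expiry>:<user id>"
// credential = base64(HMAC-SHA1(shared secret, username))
function makeTurnCredential(userId, ttlSeconds, secret, nowMs = Date.now()) {
  const expiry = Math.floor(nowMs / 1000) + ttlSeconds;
  const username = `${expiry}:${userId}`;
  const credential = crypto
    .createHmac("sha1", secret)
    .update(username)
    .digest("base64");
  return { username, credential };
}

// Build an iceConfig in the same shape as the token message in the post,
// but with a credential that expires and is bound to one user id.
function buildIceConfig(userId, ttlSeconds, secret, nowMs) {
  const { username, credential } = makeTurnCredential(userId, ttlSeconds, secret, nowMs);
  return {
    iceServers: [
      { urls: [STUN_URL] },
      { urls: TURN_URL, username, credential },
    ],
  };
}

// Server-side view: recompute the HMAC and reject expired or altered values.
function verifyTurnCredential(username, credential, secret, nowMs = Date.now()) {
  const expiry = Number.parseInt(username.split(":")[0], 10);
  if (!Number.isFinite(expiry) || expiry * 1000 <= nowMs) return false;
  const expected = crypto.createHmac("sha1", secret).update(username).digest();
  const given = Buffer.from(credential, "base64");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

A credential captured from the WebSocket stream still works until its expiry, so the TTL should be kept short and the TURN server's own quotas still apply.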