Modern websites may use the state-of-the-art concept “Server Sent Events” (SSE). On a Windows 10 machine with active Kaspersky Endpoint Security, SSE communication is getting blocked in my development environment. My web application doesn’t use TLS encryption.
The transmitted data conforms the W3C standard for SSE communication. As soon as the server application tries to broadcast the data through a EventSource channel it seems to block. The client application receives the data after exactly 30 seconds.
I’ve attached a PoC with a basic example which uses SSE. It consists of a Node.js server (server.js) which waits for SSE connections and transmits “data: abc\n\n”. The client (client.html) receives the response after exactly 2 minutes, as long as Kaspersky protection is enabled.
- Install Node.js
- Start the node server via: node server.js
- Open the client HTML page with Chrome or Firefox
- The client page displays three messages, immediately:
2021-2-10 11:23:17 Start SSE request…2021-2-10 11:23:17 Connected!2021-2-10 11:23:17 abc
- It requires exactly 2 minutes on my machine with active Kaspersky until the last two messages appear:
2021-2-10 11:22:44 Start SSE request…2021-2-10 11:24:44 Connected!2021-2-10 11:24:44 abc