Actually I did some additional experimentation. Like I said, the websocket test sites said SSL would work. I wasn't buying that my home cable ISP was being accepted for serving html and blocking websockets. So I tried this simple echo test from this page:
http://jsfiddle.net/EAVvQ/24/
Actually it seems to be the websockets.org echo test. I copied the HTML there into the Chat sample App (I was going between the Helloworld and Chat app for debugging) "www" folder (I called it echo.html). I tried it. Didn't work initially but the HTML is simple. I changed:
websocket = new WebSocket("
ws://echo.websocket.org/");
to
websocket = new WebSocket("
wss://echo.websocket.org/");
Adding the wss for https, and boom! worked from my B4J sample chat app www directory. The echo worked from behind my corporate firewall.
So I did some digging in b4j_ws.js and looked at what it was doing. Couple things, I noticed the browser inside the corporate firewall didn't seem to be loading the b4j_ws.js at all. I proved this but just putting a simple "Alert("Loaded b4j_ws.js") in b4j_connect() function. Outside the firewall, worked, inside it didn't. So I used a "brute force" tactic and changed the entry in index.html from:
<head>
<title>B4J - Chat Example</title>
<script src="
https://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js"></script>
<link rel="stylesheet" type="text/css" href="index.css" />
<script src="
/b4j_ws.js"></script>
</head>
to
<head>
<title>B4J - Chat Example</title>
<script src="
https://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js"></script>
<link rel="stylesheet" type="text/css" href="index.css" />
<script src="
https://secure.mydomain.com/b4j_ws.js"></script>
</head>
After doing that, success, I got my alert pop-up inside my corp firewall browser. After that, I tried the chat functionality but still no joy. So in the same b4j_connection function I put another alert to show me the fullpath variable contents which holds the actualy websocket url:
fullpath = ((l.protocol === "https:") ? "wss://" : "ws://") + l.hostname + ":" + l.port + absolutePath;
alert(fullpath);
After doing that, I was getting wss://secure.mydomain.com
:/login
I noticed based on the formula for fullpath the l.port was blank. Strange, that it was blank inside corp firewall (I actually haven't tried outside yet). Anyway, I brute force hard coded the port as:
fullpath = ((l.protocol === "https:") ? "wss://" : "wss://") + l.hostname + ":"
+ "443" + absolutePath;
Saved and BOOM, it works inside my corp firewall! So this of course makes me happy. I still don't know if I simply just have to tweak these things (which is no problem) or I forgot some setting (would be helpful to know) but I got it working. I am wondering if it would actually work without the SSL cert now (meaning you'll get the "this is not a safe site...message). Although that use-case really doesn't make sense in real world apps anyway.
Good stuff