I would be more than happy to test this with a developer. I am a server administrator and have both Windows and Linux machines and can provide testing on both proxied, unproxied, NATed, unNATed, IPv6 and v4. Will collect Wireshark dumps as desired.
For me at home, this is resolved by disabling my SQUID proxy, which is transparently routing ONLY port 80 through the proxy and hasn't caused any mysterious impact anywhere else.
With proxy on, Iceweasel gives me:
[20:23:57.941] Iceweasel can't establish a connection to the server at ws://rc.tf2center.com/lobbies?15-IResourceListener.0-&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=1.0.13&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0. @ http://rc.tf2center....DF811E82.js:638
[20:23:58.056] GET http://rc.tf2center...._=1397262237947 [HTTP/1.1 200 OK 84ms]
[20:23:57.943] "Websocket closed, reason: Connection was closed abnormally (that is, with no close frame being sent)."
[20:23:57.943] "Websocket closed, wasClean: false"
[20:23:57.943] "Websocket failed. Downgrading to Comet and resending"
With it off, all works correctly.
I am not a web developer, so the tons of information available in the web console don't mean much to me, and I don't know what to provide.
Squid does appear to be passing the traffic correctly, as I receive the expected "TCP_MISS" for an uncached, but valid and proxied, web request. However, if WebSockets ends up then trying to do straight TCP/IP chatter over port 80, a proxy server will definitely get in the mix. For this reason, I would expect most web-socket utilizing websites to do the websockets on port 443, since most proxies have to be configured to just pass 443 traffic through as is. It's possible that Squid will be smart enough to recognize plain-text HTTP on port 443 and not treat it like a CONNECT request... but I don't have a good way to test that at present.
Users, make sure you are not behind a proxy. Some of you will know how to do this, some of you will not. Internet security software can silently intercept your web traffic for scanning, as do most corporate Internet connections. Some of you won't be able to address this even if you knew how, due to Internet provider restrictions or just having an overbearing parent like me.
TF2Center, consider running websockets on port 443, or providing an alternate path (HTTPS, secured by a free CaCert certificate) for users who are on "tampered with" connections.
Edited by OverkillTASF, 12 April 2014 - 12:01 AM.
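A diagnostic sketch for the symptom described in the post above, added here as an example and not part of the original post or of TF2Center's code: it checks whether the reply to a WebSocket handshake taken from a packet capture is a valid RFC 6455 upgrade or was answered as ordinary HTTP somewhere on the path. The function names and the sample responses are constructed for illustration; they are not captures of what Squid returns.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def expected_accept(key: str) -> str:
    """Sec-WebSocket-Accept value the server must return for this client key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_response(raw: bytes):
    """Return (status code or None, lower-cased header dict) for a raw HTTP reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def classify_handshake(key: str, raw: bytes) -> str:
    """Classify the reply to a WebSocket upgrade request sent with `key`."""
    status, headers = parse_response(raw)
    if status is None:
        return "not-http"
    if status != 101:
        return "no-upgrade"  # request was answered as plain HTTP
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if headers.get("upgrade", "").lower() != "websocket" or "upgrade" not in tokens:
        return "upgrade-headers-missing"  # hop-by-hop headers lost on the way back
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return "bad-accept"  # reply does not belong to this request
    return "ok"

# Constructed sample data (key and accept value are the RFC 6455 example pair).
KEY = "dGhlIHNhbXBsZSBub25jZQ=="
GOOD = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
        b"Connection: Upgrade\r\n"
        b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
NOT_UPGRADED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
STRIPPED = b"HTTP/1.1 101 Switching Protocols\r\nConnection: keep-alive\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("plain", NOT_UPGRADED), ("stripped", STRIPPED)):
        print(label, classify_handshake(KEY, raw))
```

Running the same check on captures taken with the proxy on and off shows whether the upgrade request reached the server intact or was handled as an ordinary port 80 request.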