Description
I have read the above disclaimer and I am submitting a new bug report and have verified no other duplicate reports exist in the Issues or Discussions tabs.
- Confirm
Describe the Issue
Important: I am not mariomantaw! I'm just a user of the Archipelago Paint project.
I'll quote https://github.com/ThePhar/archipelago.js/blob/main/src/classes/managers/SocketManager.ts#L64-L74 here:
```ts
// Check if protocol was provided and URL is valid-ish, if not we'll add wss and fallback to ws if it fails.
const pattern = /^([a-zA-Z]+:)\/\/[A-Za-z0-9_.~\-:]+/i;
if (!pattern.test(url)) {
    try {
        // First try "wss".
        return await this.connect(new URL(`wss://${url}`));
    } catch {
        // Nope, try "ws".
        return await this.connect(new URL(`ws://${url}`));
    }
}
```
We swallow whatever error/exception happens during the wss:// connection trial, so the user doesn't even get to know about it.
Reproduction Steps
Open https://mariomantaw.github.io/jspaint in your browser of choice.
Type whatever in the "Slot name:" field.
Click "Connect!".
Get "SecurityError: The operation is insecure." in Firefox, or "SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS." in Falkon, or an analogous error in your browser complaining about the insecure websocket. (When the original problem was that the server refused the connection!)
Notice that it doesn't happen on localhost. Why do browsers allow localhost connections without asking the user if https://localmess.github.io/ exists? But I digress and get sent to a rabbit hole, which for me ends with creating this very issue.
Expected Behavior
The user gets to know the original secure connection error.
Library Version
2.0.2
Environment / Runtime
Firefox 140.0.4, I don't know about Node or Bun
Project Repository
https://github.com/MarioManTAW/jspaint
Additional Notes, Screenshots, or Files
As you can see, it's not my project, I just use their already compiled/published page, but it still affected me, so I decided to write this issue after making sure it doesn't already exist.
I guessed the version from https://github.com/MarioManTAW/jspaint/blob/master/lib/archipelago.min.js#L1C1025-L1C1032
Besides version 2.0.2, which seems to be the latest release, some older versions are probably affected as well. You may be interested in looking as far back as
archipelago.js/src/managers/socket.ts
Lines 65 to 75 in 15ae83a
```ts
// Check if protocol was provided and URL is valid-ish, if not we'll add wss and fallback to ws if it fails.
const pattern = /^([a-zA-Z]+:)(?:\/\/)?[A-Za-z0-9_.~\-:]+/i;
if (!pattern.test(url)) {
    try {
        // First try "wss".
        return this.connect(new URL(`wss://${url}`));
    } catch {
        // Nope, try "ws".
        return this.connect(new URL(`ws://${url}`));
    }
}
```
archipelago.js/src/managers/socket.ts
Lines 77 to 87 in bf30f2d
```ts
// Check if protocol was provided and URL is valid-ish, if not we'll add wss and fallback to ws if it fails.
const pattern = /^([a-zA-Z]+:)(?:\/\/)?[A-Za-z0-9_.~\-:]+/i;
if (!pattern.test(url)) {
    try {
        // First try "wss".
        return await this.connect(new URL(`wss://${url}`));
    } catch {
        // Nope, try "ws".
        return await this.connect(new URL(`ws://${url}`));
    }
}
```
archipelago.js/src/classes/managers/SocketManager.ts
Lines 61 to 71 in 70efac3
```ts
// Check if protocol was provided and URL is valid-ish, if not we'll add wss and fallback to ws if it fails.
const pattern = /^([a-zA-Z]+:)\/\/[A-Za-z0-9_.~\-:]+/i;
if (!pattern.test(url)) {
    try {
        // First try "wss".
        return await this.connect(new URL(`wss://${url}`));
    } catch {
        // Nope, try "ws".
        return await this.connect(new URL(`ws://${url}`));
    }
}
```
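An added example, not part of the original report and not archipelago.js code: one way the wss-then-ws fallback can keep the first failure so that a later mixed-content `SecurityError` does not replace it. `connectWithFallback`, its `connect` callback, the `allowInsecure` option and the host `example.test:38281` are hypothetical; `connect` stands in for the library's own `connect(url)` and is assumed to reject when the socket cannot be opened.

```javascript
// Added example, not archipelago.js code. connectWithFallback, `connect` and
// `allowInsecure` are hypothetical names; `connect` stands in for the library's
// own connect(url) and must reject when the socket cannot be opened.
async function connectWithFallback(host, connect, { allowInsecure = true } = {}) {
    let secureError;
    try {
        // First try "wss".
        return await connect(new URL(`wss://${host}`));
    } catch (err) {
        secureError = err; // keep it instead of discarding it
    }
    if (!allowInsecure) {
        throw secureError; // no downgrade requested: surface the wss failure as-is
    }
    try {
        // Then try "ws".
        return await connect(new URL(`ws://${host}`));
    } catch (insecureError) {
        // Report both failures, wss first, so a mixed-content SecurityError
        // from the ws attempt cannot hide why the wss attempt failed.
        throw new AggregateError(
            [secureError, insecureError],
            `Could not connect to ${host}: wss failed (${secureError.message}); ` +
            `ws failed (${insecureError.message})`
        );
    }
}

// Constructed stand-in for a browser on an HTTPS page: the server refuses wss,
// and the browser blocks ws with a SecurityError.
async function fakeHttpsPageConnect(url) {
    if (url.protocol === "wss:") {
        throw new Error("connection refused");
    }
    const blocked = new Error("The operation is insecure.");
    blocked.name = "SecurityError";
    throw blocked;
}

async function demo() {
    try {
        await connectWithFallback("example.test:38281", fakeHttpsPageConnect);
        return "connected";
    } catch (err) {
        return err.message;
    }
}

demo().then((message) => console.log(message));
```

With `allowInsecure: false` the function never attempts `ws://`, which also avoids a silent downgrade from an encrypted to a plaintext socket.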