Re: [Wish] Note on cross-origin WISH from browser

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Thu, 15 July 2021 17:45 UTC

Hi Cameron,

Indeed my intention is that WISH/WHIP works with CORS, and that the HTTP
OPTIONS have to be implemented on the server side in order to allow it.

I thought it was common HTTP knowledge and there was no need to have it
covered in the spec. I will add it to the slides for the next meeting to
discuss if we should explicitly mention it in the spec or not. Does that
make sense?

Best regards
Sergio

On Thu, 15 Jul 2021 at 19:29, Cameron Elliott (<garapa1@gmail.com>)
wrote:

> I discovered something recently about WISH from the browser.
> (sorry if this has been covered)
>
>
> Cross-origin (differing domain, scheme or port) WISH POST requests (from
> the browser) will be blocked,
> which is expected for cross-origin requests.
>
> But, what if we want to do cross-origin WISH to permit publishing to
> different ingress points?
> (from the browser)
>
> Cross-origin WISH should be doable by using one of the CORS enablement
> methods:
>
> There are two main ways of CORS being permitted:
> 1. With flags to the fetch() method at the browser. ('cors' or 'no-cors')
> <https://developer.mozilla.org/en-US/docs/Web/API/Request/mode#value>
> 2. By the server responding to a CORS preflight request
> <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests>,
> which is an HTTP OPTIONS request involving headers exchange.
>
> Method #1 is NOT available under WISH because WISH doesn't conform to 'simple
> requests'
> <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests> under
> CORS.
> Method #1 would be available under WISH if WISH used or allowed
> 'plain/text' for the Content-Type header.
>
> Method #2 does allow browser-based cross-origin WISH requests when
> properly implemented at the server,
> but I would say method #2 is rather unknown (it was to me anyway). I
> implemented this, and it's not hard,
> but it is not trivial either, compared to getting traditional POST
> handling going.
>
> *Does anyone else think it's worth discussing the loss of WISH
> browser-side cross-origin request enablement?*
>
> I personally can envision use-cases for WISH where the browser could send
> media using WISH
> to various different cloud ingress points, where cross-origin requests are
> needed.
> This won't be possible unless all those cloud ingress points implement
> correctly the HTTP OPTIONS method
> for handling a CORS preflight request
> <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests>,
> AND the proxies and load balancers in front of the ingress
> server properly, cleanly pass the HTTP OPTIONS request and response
> between client/server,
> *unless we decide to make tweaks that enable browser-side CORS enablement.*
>
>
> Cameron / Seattle
>
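
The server side of the preflight handling (method #2) discussed in this thread, as an added example that is not part of either message or of any WHIP implementation. The function name `corsResponse`, the `POLICY` values and the origin `https://studio.example` are assumptions, and the sample request is constructed; the origin is checked against an allowlist instead of being reflected or answered with `*`.

```javascript
// Added example: CORS decision logic for a WHIP/WISH ingest endpoint.
// POLICY values and the sample request below are constructed assumptions.
const POLICY = {
  origins: new Set(['https://studio.example']), // hypothetical publisher page
  methods: ['POST', 'DELETE'],
  headers: ['content-type', 'authorization'],   // compared in lower case
  maxAge: 600,                                  // seconds the browser may cache the preflight
};

// req = { method, headers } with lower-cased header names (as Node's http gives them).
// Returns { status, headers }; status null means "not a preflight, keep handling".
function corsResponse(req, policy = POLICY) {
  const origin = req.headers['origin'];
  const headers = { Vary: 'Origin' }; // answer depends on Origin, so caches must key on it
  const allowed = origin !== undefined && policy.origins.has(origin);
  const wantMethod = req.headers['access-control-request-method'];
  const isPreflight = req.method === 'OPTIONS' && wantMethod !== undefined;

  if (!isPreflight) {
    // Actual POST/DELETE: echo only an allowlisted origin.
    if (allowed) {
      headers['Access-Control-Allow-Origin'] = origin;
      // WHIP answers the POST with a Location header; expose it to page script.
      headers['Access-Control-Expose-Headers'] = 'Location';
    }
    return { status: null, headers };
  }
  const wantHeaders = (req.headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = allowed && policy.methods.includes(wantMethod) &&
    wantHeaders.every((h) => policy.headers.includes(h));
  // A refused preflight carries no Access-Control-* headers, so the browser never sends the POST.
  if (!ok) return { status: 403, headers };
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Methods'] = policy.methods.join(', ');
  headers['Access-Control-Allow-Headers'] = policy.headers.join(', ');
  headers['Access-Control-Max-Age'] = String(policy.maxAge);
  return { status: 204, headers };
}

// Constructed preflight, as sent before a cross-origin POST with Content-Type: application/sdp.
const samplePreflight = {
  method: 'OPTIONS',
  headers: {
    origin: 'https://studio.example',
    'access-control-request-method': 'POST',
    'access-control-request-headers': 'authorization,content-type',
  },
};
console.log(corsResponse(samplePreflight));
```

Proxies and load balancers in front of the ingest server have to pass the OPTIONS request and these response headers through unchanged for the browser to proceed to the POST.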