[Wish] Note on cross-origin WISH from browser
Cameron Elliott <garapa1@gmail.com> Wed, 14 July 2021 20:40 UTC
Return-Path: <garapa1@gmail.com>
X-Original-To: wish@ietfa.amsl.com
Delivered-To: wish@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 1B7DB3A05E2
for <wish@ietfa.amsl.com>; Wed, 14 Jul 2021 13:40:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id IWugoXbyrBLq for <wish@ietfa.amsl.com>;
Wed, 14 Jul 2021 13:40:45 -0700 (PDT)
Received: from mail-oi1-x236.google.com (mail-oi1-x236.google.com
[IPv6:2607:f8b0:4864:20::236])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id B7D993A05AA
for <Wish@ietf.org>; Wed, 14 Jul 2021 13:40:42 -0700 (PDT)
Received: by mail-oi1-x236.google.com with SMTP id t25so3739033oiw.13
for <Wish@ietf.org>; Wed, 14 Jul 2021 13:40:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=huC9Oj02xbGybbinbQEPV3zw/6m6VGEQ6bi45u6SvpQ=;
b=Sikh8i7/BsndmgPwrJ3/KZfJs1UQkfqarYoruGL0IDiVcn5juBE8eGlWYXISmsNk3+
NtKk/KiWBpBeeWQg7Xoft7OeZlSqg3AR9htq9CvEzcrMp15xg8/Lz+z7clizMiqdaP5q
/8kk4zXoJKShVtyM0Ucrh6tFJvSBj2IVIvVOgJ8VurCcmyS/ogf8Z7cBVvWx2RyI3ofh
QpzJzFMF7nOKi2qa/CtY6I7hsYwNfoiPIlbjjxF9PW/4iEtw0HallXmMAAQPR1W1OT32
V3GzQl5dwi6sWOeXk0SSFKUJN7IK3Sp9iB1leRk5T8NUctpAZ45LkRddzGzINupYXq+S
mElQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=huC9Oj02xbGybbinbQEPV3zw/6m6VGEQ6bi45u6SvpQ=;
b=tesZPCuWoWjNJ7IfNVOzTZLtxQc3LouoTtnxpULeoFbKfqjKBhglzumJ0/CmBEcwAh
7Axap1hw9kZv5rRqwYypZciYp9aZBM75io1HowdXfRvjn5XCChcgxtjWHUxRWU8pUfuw
MTHCj0KG4HleqHV5BVUD7JCsMsyRWiaBYFdeXpu6aodzK+bV68SPxpIlmSx32Weu999Z
dSom1kbKJmprE7lCKdQj4+6osi7eyrdBh/QXJ6BWSzkej7kqA2ekVMjZb0Tw3NV4vKsp
pEBOe/ClmZUHSraDTvsA/lIAsrGlAFFRAZ5YG235yQaUoHEhKgf5V0/UmSrzTkwZfL8/
QmEA==
X-Gm-Message-State: AOAM532Y2nmoFImg7LGVNwDvhp2x8988iAFLBnVlfSKnqlyZeIX8YQve
UMUyjeiJyGEanT0BRV/vx4zq/M6V1J/kwksafGK9icsH6apMfQ==
X-Google-Smtp-Source: ABdhPJznfEnVxmFCTc/WjO1QFEbIsa5naVP1QDKqo4qEdMnGrZixEM8/HMXt2SM+gBhHF7EKIzoEdxWyOr6JAz8Ooqg=
X-Received: by 2002:aca:c7cb:: with SMTP id x194mr9016218oif.119.1626295240843;
Wed, 14 Jul 2021 13:40:40 -0700 (PDT)
MIME-Version: 1.0
From: Cameron Elliott <garapa1@gmail.com>
Date: Wed, 14 Jul 2021 13:40:29 -0700
Message-ID: <CAMyc9bXKiRT-Sgata+SN7zMqvg9oRw3OFy=81O02qjv6HNLMAQ@mail.gmail.com>
To: Wish@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002163eb05c71b5e02"
Archived-At: <https://mailarchive.ietf.org/arch/msg/wish/xs6MR9ysXxGCB_NnyOd9UHDzmIc>
X-Mailman-Approved-At: Thu, 15 Jul 2021 10:29:19 -0700
Subject: [Wish] Note on cross-origin WISH from browser
X-BeenThere: wish@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: WebRTC Ingest Signaling over HTTPS <wish.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wish>,
<mailto:wish-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/wish/>
List-Post: <mailto:wish@ietf.org>
List-Help: <mailto:wish-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wish>,
<mailto:wish-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2021 20:43:41 -0000
I discovered something recently about WISH from the browser.
(sorry if this has been covered)
Cross-origin (differing domain,scheme or port) WISH POST requests (from the
browser) will be blocked,
which is expected for cross-origin requests.
But, what if we want to do cross-origin WISH to permit publishing to
different ingress points?
(from the browser)
Cross-origin WISH should be doable by using one of the CORS enablement
methods:
There are two main ways of CORS being permitted:
1. With flags to the fetch() method at the browser. ('cors' or 'no-cors')
<https://developer.mozilla.org/en-US/docs/Web/API/Request/mode#value>
2. By the server responding to a a CORS preflight request
<https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests>,
which is an HTTP OPTIONS request involving headers exchange.
Method #1 is NOT available under WISH because WISH doesn't conform to 'simple
requests'
<https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests> under
CORS.
Method #1 would be available under WISH if WISH used or allowed
'plain/text' for the Content-Type header.
Method #2 does allow browser-based cross-origin WISH requests when properly
implemented at the server,
but I would say method #2 is rather unknown (it was to me anyway). I
implemented this, and it's not hard,
but it is not trivial either, compared to getting traditional POST handling
going.
*Does anyone else think it's worth discussing the loss of WISH browser-side
cross-origin request enablement?*
I personally can envision use-cases for WISH where the browser could send
media using WISH
to various different cloud ingress points, where cross-origin requests are
needed.
This won't be possible unless all those cloud ingres points implement
correctly the HTTP OPTIONS method
for handling a CORS preflight request
<https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests>,
AND the proxies and load balancers properly in front of the ingress
server properly, cleanly pass the HTTP OPTIONS request and response between
client/server,
*unless we decide to make tweaks that enable browser-side CORS enablement.*
Cameron / Seattle
- [Wish] Note on cross-origin WISH from browser Cameron Elliott
- Re: [Wish] Note on cross-origin WISH from browser Sergio Garcia Murillo
- Re: [Wish] Note on cross-origin WISH from browser Adam Roach