search

codefrau / SqueakJS

A Squeak Smalltalk VM in Javascript
https://squeak.js.org
MIT License
371 stars 76 forks source link

sockets: simple requests working but not MC #66

Open codefrau opened 8 years ago

codefrau commented 8 years ago

This is working fine: HTTPSocket httpGet: 'http://source.squeak.org:80/squeak45/ but this fails: HTTPSocket httpGet: 'http://source.squeak.org/squeak45/' args: nil user: '' passwd: ''

This is with the https://crossorigin.me/ proxy and using the fetch API.

The proxy does not grant the requested Access-Control-Request-Headers: authorization, it sends back Access-Control-Allow-Headers: Content-Type instead. This appears to be ignored by XMLHttpRequest but fetch reports an error.

codefrau commented 8 years ago

So with the kludge works, but only on the 4th try (fetch without and with proxy followed by xml request without and with proxy): http://codefrau.github.io/SqueakJS/run/#url=http://freudenbergs.de/vanessa/squeakjs&files=[Squeak4.5-13680.image,Squeak4.5-13680.changes,SqueakV41.sources]&pixelated

Using the "cors-anywhere" proxy the Fetch API works fine though (and we prefer it because it supports partial results):

http://codefrau.github.io/SqueakJS/run/#url=http://freudenbergs.de/vanessa/squeakjs&files=[Squeak4.5-13680.image,Squeak4.5-13680.changes,SqueakV41.sources]&pixelated&proxy=https://cors-anywhere.herokuapp.com/

LinqLover commented 3 years ago

Hi Vanessa, is this the same bug? It occurred when I tried to browse the inbox repository using Monticello:

squeak.js:37279 Mixed Content: The page at 'https://squeak.js.org/run/#image=/Squeak5.3-19448-32bit.image' was loaded over HTTPS, but requested an insecure resource 'http://source.squeak.org/inbox/?C=M;O=D'. This request has been blocked; the content must be served over HTTPS.
_performFetchAPIRequest @ squeak.js:37279
/squeak.js:37283 Retrying with CORS proxy: https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
(anonymous) @ /squeak.js:37283
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37294 Fetch API failed, retrying with XMLHttpRequest
(anonymous) @ /squeak.js:37294
squeak.js:37373 Mixed Content: The page at 'https://squeak.js.org/run/#image=/Squeak5.3-19448-32bit.image' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://source.squeak.org/inbox/?C=M;O=D'. This request has been blocked; the content must be served over HTTPS.
_performXMLHTTPRequest @ squeak.js:37373
/squeak.js:37354 Retrying with CORS proxy: https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
httpRequest.onerror @ /squeak.js:37354
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37368 Failed to download:
https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
retry.onerror @ /squeak.js:37368
crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
LinqLover commented 3 years ago

HTTPS not working either. :-(

Loaded module: SqueakSSL
/squeak.js:3460 missing primitive: SqueakSSL.primitiveSetStringProperty
warnOnce @ /squeak.js:3460
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37283 Retrying with CORS proxy: https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
(anonymous) @ /squeak.js:37283
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37294 Fetch API failed, retrying with XMLHttpRequest
(anonymous) @ /squeak.js:37294
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37354 Retrying with CORS proxy: https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
httpRequest.onerror @ /squeak.js:37354
source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37368 Failed to download:
https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
retry.onerror @ /squeak.js:37368
crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D:1
codefrau commented 3 years ago

Not exactly the same ... we need to allow CORS on source.squeak.org, and we need MC to use https not http.

The https://crossorigin.me/ proxy does not exist anymore

We could try to change it or set up our own proxy, but in general, JavaScript needs CORS to access other servers.

LinqLover commented 3 years ago

New proxy sounds straightforward. I have never dealt with this stuff, but this one should be up and might work? https://cors-anywhere.herokuapp.com/

codefrau commented 3 years ago

That is the same proxy as in my comment above on Jun 28, 2016 - and that second link does indeed work still 😄 I just edited it to use the current repo name.

codefrau commented 3 years ago

Oh, actually I did not try MC, sorry.

LinqLover commented 3 years ago

Just wanted to note that HTTPS connections still do not work reliably, for example, Installer ensureRecentMetacello fails - probably because SqueakSSL.primitiveSetStringProperty is missing?

fniephaus commented 3 years ago

@LinqLover interesting, why do you think that missing primitive is causing the issue? Happy to debug this together some time next week if you like.

LinqLover commented 3 years ago

@fniephaus The missing primitive was only a wild guess because SqueakSSL >> #serverName: unconditionally ignores all errors from the primitive call. A joint debugging session would definitely be great, but I'm not sure how much I could contribute to it with zero VMMaker experience at the moment ... If you're still interested, please let me know :-)

fniephaus commented 3 years ago

I don't mind if you watch me debug this. It's likely you'll learn something... I will probably do, too. 😉 Let's discuss "offline"...