Documenting here Wire's restrictions on CORS (Cross-Origin Resource Sharing). Without this change, building on top of Wire's open source project is not an option.
Issue Summary
This is a continuation of #1134 wire team issue. Posting this outside of the wire team, so that the ticket remains open until the issue is resolved.
Wire's open sourced App client cannot be hosted anywhere other than on app.wire.com domain because:
Wire-hosted server has domain restrictions against non-wire domains, and
Wire's server code is not fully open sourced for us to rely on self-hosted servers
Specifically, when self-hosting Wire App project on a custom domain, you will run into the following errors (at random intervals):
On our side, we have adhered to all the licensing restrictions and have made our own code modifications public here and here.
Running Wire Chat App on a self-hosted domain is fully in accordance with the use requirements--specifically with clause 6.4 on independent apps.
End-to-end encryption and associated security should not depend on origin (origin is easily faked with changes to /etc/hosts). If it does, claims in this post are invalid.
Timeline:
Oct 2016 - Wire's public announcement is made about open source
Jan 2017 - My team chooses Wire as a platform decision and begins building on top of it
Apr 26 2017 - bug issue is first reported to Wire
May 8 2017 (wire side: founders) - we reached out to Founders in order to understand a high-level commitment to open source
June 2017 - Nov 2017 (wire: dev team) we received some technical support from staff during our implementation of both Wire App (this repo) and Wire Bot, and reported bugs--the usual...
Dec 13 2017 (wire: CEO) - we reached out to confirm their high-level vision to support businesses with use cases as ours (i.e. guest users)
Jan 17 2018 (wire: CTO) - we offered to pay a standard Professional Services fee for technical support with the goal of eventually getting to the core of CORS (Wire refused)
Next Steps to Resolution
At this time it appears this is a standard case of a company trying to benefit from marketing itself as a transparent open source vendor without acknowledging the responsibility any such commitment to the open source community actually entails.
And this is OK. Most major open source vendors at one point or another receive a push back (MySQL did). It is just a way for us, the community, and the vendor to have an open discussion. In return the vendor receives our trust.
Closing Remarks
Let me say that wire team is doing good work. Their coding practices are top notch. I've had the pleasure of debugging errors (both ours and theirs) with them on several occasions. The company was founded by Janus Friis (founder of Skype), who I respect. So this ticket is in no way trying to diminish their contributions. Just attempting to sort out some misunderstandings.
I personally have been in touch with many members of their team (see above), so the reason for this ticket is that other communication venues for resolving this issue have been exhausted.
Wire contract with an open source community
On Jul 22, 2016, CTO and co-founder Alan Duric stated that "Wire’s users can now build their own client from our source code and run it on our platform."