Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sockets: simple requests working but not MC #66

Open
codefrau opened this issue Jun 28, 2016 · 11 comments
Open

sockets: simple requests working but not MC #66

codefrau opened this issue Jun 28, 2016 · 11 comments

Comments

@codefrau
Copy link
Owner

codefrau commented Jun 28, 2016
edited
Loading

This is working fine:
HTTPSocket httpGet: 'http://source.squeak.org:80/squeak45/
but this fails:
HTTPSocket httpGet: 'http://source.squeak.org/squeak45/' args: nil user: '' passwd: ''

This is with the https://crossorigin.me/ proxy and using the fetch API.

The proxy does not grant the requested Access-Control-Request-Headers: authorization, it sends back Access-Control-Allow-Headers: Content-Type instead. This appears to be ignored by XMLHttpRequest but fetch reports an error.
codefrau added a commit that referenced this issue Jun 28, 2016
@codefrau
kludge for #66: Fall back to XMLHTTPRequest if Fetch API doesn't work
b5033fa
@codefrau
Copy link
Owner Author

codefrau commented Jun 28, 2016
edited
Loading

So with the kludge works, but only on the 4th try (fetch without and with proxy followed by xml request without and with proxy):
http://codefrau.github.io/SqueakJS/run/#url=http://freudenbergs.de/vanessa/squeakjs&files=[Squeak4.5-13680.image,Squeak4.5-13680.changes,SqueakV41.sources]&pixelated

Using the "cors-anywhere" proxy the Fetch API works fine though (and we prefer it because it supports partial results):

http://codefrau.github.io/SqueakJS/run/#url=http://freudenbergs.de/vanessa/squeakjs&files=[Squeak4.5-13680.image,Squeak4.5-13680.changes,SqueakV41.sources]&pixelated&proxy=https://cors-anywhere.herokuapp.com/

@LinqLover
Copy link
Contributor

Hi Vanessa, is this the same bug? It occurred when I tried to browse the inbox repository using Monticello:

squeak.js:37279 Mixed Content: The page at 'https://squeak.js.org/run/#image=/Squeak5.3-19448-32bit.image' was loaded over HTTPS, but requested an insecure resource 'http://source.squeak.org/inbox/?C=M;O=D'. This request has been blocked; the content must be served over HTTPS.
_performFetchAPIRequest @ squeak.js:37279
/squeak.js:37283 Retrying with CORS proxy: https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
(anonymous) @ /squeak.js:37283
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37294 Fetch API failed, retrying with XMLHttpRequest
(anonymous) @ /squeak.js:37294
squeak.js:37373 Mixed Content: The page at 'https://squeak.js.org/run/#image=/Squeak5.3-19448-32bit.image' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://source.squeak.org/inbox/?C=M;O=D'. This request has been blocked; the content must be served over HTTPS.
_performXMLHTTPRequest @ squeak.js:37373
/squeak.js:37354 Retrying with CORS proxy: https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
httpRequest.onerror @ /squeak.js:37354
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37368 Failed to download:
https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
retry.onerror @ /squeak.js:37368
crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED

@LinqLover
Copy link
Contributor

HTTPS not working either. :-(

Loaded module: SqueakSSL
/squeak.js:3460 missing primitive: SqueakSSL.primitiveSetStringProperty
warnOnce @ /squeak.js:3460
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37283 Retrying with CORS proxy: https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
(anonymous) @ /squeak.js:37283
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37294 Fetch API failed, retrying with XMLHttpRequest
(anonymous) @ /squeak.js:37294
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37354 Retrying with CORS proxy: https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
httpRequest.onerror @ /squeak.js:37354
source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37368 Failed to download:
https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
retry.onerror @ /squeak.js:37368
crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D:1

@codefrau
Copy link
Owner Author

Not exactly the same ... we need to allow CORS on source.squeak.org, and we need MC to use https not http.

The https://crossorigin.me/ proxy does not exist anymore

We could try to change it or set up our own proxy, but in general, JavaScript needs CORS to access other servers.

@LinqLover
Copy link
Contributor

New proxy sounds straightforward. I have never dealt with this stuff, but this one should be up and might work? https://cors-anywhere.herokuapp.com/

@codefrau
Copy link
Owner Author

That is the same proxy as in my comment above on Jun 28, 2016 - and that second link does indeed work still 😄 I just edited it to use the current repo name.

@codefrau
Copy link
Owner Author

Oh, actually I did not try MC, sorry.

codefrau added a commit that referenced this issue Dec 21, 2020
@codefrau
kludge for #66: Fall back to XMLHTTPRequest if Fetch API doesn't work
4feb8c1
@LinqLover
Copy link
Contributor

Just wanted to note that HTTPS connections still do not work reliably, for example, Installer ensureRecentMetacello fails - probably because SqueakSSL.primitiveSetStringProperty is missing?

@fniephaus
Copy link
Collaborator

@LinqLover interesting, why do you think that missing primitive is causing the issue? Happy to debug this together some time next week if you like.

@LinqLover
Copy link
Contributor

@fniephaus The missing primitive was only a wild guess because SqueakSSL >> #serverName: unconditionally ignores all errors from the primitive call. A joint debugging session would definitely be great, but I'm not sure how much I could contribute to it with zero VMMaker experience at the moment ... If you're still interested, please let me know :-)

@fniephaus
Copy link
Collaborator

I don't mind if you watch me debug this. It's likely you'll learn something... I will probably do, too. 😉 Let's discuss "offline"...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@codefrau @fniephaus @LinqLover