SqueakJS icon indicating copy to clipboard operation
SqueakJS copied to clipboard

Published 20 hours ago verified publisher icon codefrau

sockets: simple requests working but not MC

Open codefrau opened this issue 8 years ago • 11 comments

This is working fine: HTTPSocket httpGet: 'http://source.squeak.org:80/squeak45/ but this fails: HTTPSocket httpGet: 'http://source.squeak.org/squeak45/' args: nil user: '' passwd: ''

This is with the https://crossorigin.me/ proxy and using the fetch API.

The proxy does not grant the requested Access-Control-Request-Headers: authorization, it sends back Access-Control-Allow-Headers: Content-Type instead. This appears to be ignored by XMLHttpRequest but fetch reports an error.

codefrau avatar Jun 28 '16 14:06 codefrau

So with the kludge works, but only on the 4th try (fetch without and with proxy followed by xml request without and with proxy): http://codefrau.github.io/SqueakJS/run/#url=http://freudenbergs.de/vanessa/squeakjs&files=[Squeak4.5-13680.image,Squeak4.5-13680.changes,SqueakV41.sources]&pixelated

Using the "cors-anywhere" proxy the Fetch API works fine though (and we prefer it because it supports partial results):

http://codefrau.github.io/SqueakJS/run/#url=http://freudenbergs.de/vanessa/squeakjs&files=[Squeak4.5-13680.image,Squeak4.5-13680.changes,SqueakV41.sources]&pixelated&proxy=https://cors-anywhere.herokuapp.com/

codefrau avatar Jun 28 '16 16:06 codefrau

Hi Vanessa, is this the same bug? It occurred when I tried to browse the inbox repository using Monticello:

squeak.js:37279 Mixed Content: The page at 'https://squeak.js.org/run/#image=/Squeak5.3-19448-32bit.image' was loaded over HTTPS, but requested an insecure resource 'http://source.squeak.org/inbox/?C=M;O=D'. This request has been blocked; the content must be served over HTTPS.
_performFetchAPIRequest @ squeak.js:37279
/squeak.js:37283 Retrying with CORS proxy: https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
(anonymous) @ /squeak.js:37283
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37294 Fetch API failed, retrying with XMLHttpRequest
(anonymous) @ /squeak.js:37294
squeak.js:37373 Mixed Content: The page at 'https://squeak.js.org/run/#image=/Squeak5.3-19448-32bit.image' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://source.squeak.org/inbox/?C=M;O=D'. This request has been blocked; the content must be served over HTTPS.
_performXMLHTTPRequest @ squeak.js:37373
/squeak.js:37354 Retrying with CORS proxy: https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
httpRequest.onerror @ /squeak.js:37354
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37368 Failed to download:
https://crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D
retry.onerror @ /squeak.js:37368
crossorigin.me/http://source.squeak.org:80/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED

LinqLover avatar Nov 16 '20 17:11 LinqLover

HTTPS not working either. :-(

Loaded module: SqueakSSL
/squeak.js:3460 missing primitive: SqueakSSL.primitiveSetStringProperty
warnOnce @ /squeak.js:3460
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37283 Retrying with CORS proxy: https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
(anonymous) @ /squeak.js:37283
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to fetch at 'https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/squeak.js:37294 Fetch API failed, retrying with XMLHttpRequest
(anonymous) @ /squeak.js:37294
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37354 Retrying with CORS proxy: https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
httpRequest.onerror @ /squeak.js:37354
source.squeak.org/inbox/?C=M;O=D:1 Failed to load resource: net::ERR_FAILED
/run/#image=/Squeak5.3-19448-32bit.image:1 Access to XMLHttpRequest at 'https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D' from origin 'https://squeak.js.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
/squeak.js:37368 Failed to download:
https://crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D
retry.onerror @ /squeak.js:37368
crossorigin.me/https://source.squeak.org/inbox/?C=M;O=D:1

LinqLover avatar Nov 16 '20 18:11 LinqLover

Not exactly the same ... we need to allow CORS on source.squeak.org, and we need MC to use https not http.

The https://crossorigin.me/ proxy does not exist anymore

We could try to change it or set up our own proxy, but in general, JavaScript needs CORS to access other servers.

codefrau avatar Nov 16 '20 18:11 codefrau

New proxy sounds straightforward. I have never dealt with this stuff, but this one should be up and might work? https://cors-anywhere.herokuapp.com/

LinqLover avatar Nov 16 '20 18:11 LinqLover

That is the same proxy as in my comment above on Jun 28, 2016 - and that second link does indeed work still 😄 I just edited it to use the current repo name.

codefrau avatar Nov 17 '20 08:11 codefrau

Oh, actually I did not try MC, sorry.

codefrau avatar Nov 17 '20 08:11 codefrau

Just wanted to note that HTTPS connections still do not work reliably, for example, Installer ensureRecentMetacello fails - probably because SqueakSSL.primitiveSetStringProperty is missing?

LinqLover avatar Dec 31 '20 15:12 LinqLover

@LinqLover interesting, why do you think that missing primitive is causing the issue? Happy to debug this together some time next week if you like.

fniephaus avatar Dec 31 '20 15:12 fniephaus

@fniephaus The missing primitive was only a wild guess because SqueakSSL >> #serverName: unconditionally ignores all errors from the primitive call. A joint debugging session would definitely be great, but I'm not sure how much I could contribute to it with zero VMMaker experience at the moment ... If you're still interested, please let me know :-)

LinqLover avatar Jan 01 '21 16:01 LinqLover

I don't mind if you watch me debug this. It's likely you'll learn something... I will probably do, too. 😉 Let's discuss "offline"...

fniephaus avatar Jan 01 '21 18:01 fniephaus