New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add experimental.globalFetch() Labs API #1038

Merged
merged 1 commit into from Jun 10, 2018

Conversation

Projects
None yet
4 participants
@pfrazee
Member

pfrazee commented Jun 9, 2018

Traditional web applications are able to make cross-origin requests by proxying through their own servers. That's not a possibility for Dat's serverless apps, which is a problem for a lot of apps. For instance, what if you wanted to fetch "open graph" metadata for a site before posting it on a social profile app (ie fritter).

This PR solves this issue with a new Labs API called experimental.globalFetch. It is functionally similar to fetch() except for a few key differences:

  • Currently only HEAD and GET are supported.
  • A permission prompt is raised for each request to a new origin.
  • CORS policies are not applied, and so the site can send a request to any possible service.
  • Cookies/credentials are never sent.

For each new origin contacted, a new permission prompt will be created:

screen shot 2018-06-09 at 5 41 06 pm

The permission will persist for every origin.

To use this API, add the globalFetch token to the experimental.apis array in the dat.json manifest:

{
  "experimental": {
    "apis": ["globalFetch"]
  }
}

You can then use the API exactly as Fetch is used:

var res = await experimental.globalFetch('https://beakerbrowser.com/about.html')
var body = await res.text()

@pfrazee pfrazee merged commit 8f19151 into master Jun 10, 2018

0 of 2 checks passed

continuous-integration/travis-ci/pr The Travis CI build failed
Details
continuous-integration/travis-ci/push The Travis CI build failed
Details

@pfrazee pfrazee deleted the lab-api-global-fetch branch Jun 10, 2018

@paul90

This comment has been minimized.

Contributor

paul90 commented Jun 14, 2018

Something to remember is that fetch is not just for getting content, request methods other than GET can be set via the optional init object.

It might be an idea to look at the request method being used, and reflect that in the permission prompt, but then it would also make sense to have separate set of permissions for fetching from and writing to a remote site.

@pfrazee

This comment has been minimized.

Member

pfrazee commented Jun 14, 2018

@paul90 Yes that's true - right now globalFetch only supports HEAD/GET though.

@arni077

This comment has been minimized.

arni077 commented Jul 19, 2018

maybe basic question but.. the var body in the example above is now holding as string ALL the text that written on about.html or just what about.html returns?

@pfrazee

This comment has been minimized.

Member

pfrazee commented Jul 19, 2018

@arni077 it will contain all the text inside the about.html file, as served by https://beakerbrowser.com

@arni077

This comment has been minimized.

arni077 commented Aug 7, 2018

@pfrazee cool, but what if a dat website wants to send simple string to https://beakerbrowser.com ? how we can do that?

@pfrazee

This comment has been minimized.

Member

pfrazee commented Aug 7, 2018

@arni077 not yet supported

@RangerMauve

This comment has been minimized.

RangerMauve commented Aug 7, 2018

arni077: You can include data in your query portion of the URL if you're the one creating the server.

I'll note that It's really frowned-upon to use GET requests like that.

e.g.

GET https://example.com/example?myvariable=wowcool
@arni077

This comment has been minimized.

arni077 commented Aug 7, 2018

@RangerMauve what do you mean by "frowned-upon " ?

i dont understand how to send with the snippet you shared. suppose if i have this:
< form action=" " method="get" >
enter name: < input type="text" name="name" >
< input type="submit" value="Submit" >
< /form >

how to send with get method to example.com if i am a dat website?

@arni077

This comment has been minimized.

arni077 commented Aug 7, 2018

@pfrazee when it will be supported? it is very important for my project.
do u have an idea how to circumvent this with what we got now?

@RangerMauve

This comment has been minimized.

RangerMauve commented Aug 8, 2018

@arni077 "frowned-upon" means that people have found that it's a bad idea to use this method. It goes against how HTTP is supposed to work.

However, your example would look like fetch("https://example.com/?name="+whatevervalue) where whatevervalue is a variable holding the value you want to send as name to the server.

What language are you using for your server-side?

@arni077

This comment has been minimized.

arni077 commented Aug 8, 2018

@RangerMauve i use node.js.

@RangerMauve

This comment has been minimized.

RangerMauve commented Aug 8, 2018

Cool, in that case you can get the name field using var thename = req.query.name in your request handler if you're using express. The docs on that are here.

(Apologies to @pfrazee for derailing the thread so hard! 😅)

@pfrazee

This comment has been minimized.

Member

pfrazee commented Aug 8, 2018

@RangerMauve No worries

@arni077 Basically I plan to add support for POST and etc, but just need to think it through. It's on the todo list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment