-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Real CORS handling #6
Conversation
PS : |
Just added OPTIONS handling for preflighted requests as we need to send the Icy-MetaData header to get metadatas. |
We do not have any tests at the moment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First of all, thanks for this contribution! I've done a first review of the code, see the comments below.
One general thing I noticed:
If would be great if you could indent using 4 spaces, to be consistent with the rest of the Icecast codebase.
Additionally please try to avoid whitespace changes that are unrelated to your changes, it seems you stripped all trailing whitespace from lines, causing changes that are unrelated to this feature.
src/cfgfile.c
Outdated
} | ||
if (!cors_path->exposed_headers) { | ||
ICECAST_LOG_ERROR("Out of memory while parsing config file"); | ||
break; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't you return an error to the caller and not 1 for success, when this happens?
It might be a good idea to use 0 as success and everything non-zero as error for consistency, or add a comment documenting what the possible returned values are supposed to indicate.
src/cors.c
Outdated
* This program is distributed under the GNU General Public License, version 2. | ||
* A copy of this license is included with this source. | ||
* | ||
* Copyright 2014, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrong copyright and author name.
src/cors.c
Outdated
strcat(new_out, header_name); | ||
strcat(new_out, ": "); | ||
strcat(new_out, header_value); | ||
strcat(new_out, "\r\n"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might be better to use snprintf here, as we do in util_build_http_header
here.
src/cors.c
Outdated
*len -= header_end[i] - header_start[i]; | ||
} | ||
return; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I do not really understand what this function is supposed to do. Could you maybe add a few comments to the code in this function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It removes an header by its name in the current headers str.
It's used in _remove_cors
which removes all known cors headers (probably added in by <header>
in config) is the path was denied in CORS config.
src/cors.h
Outdated
* oddsock <oddsock@xiph.org>, | ||
* Karl Heyes <karl@xiph.org> | ||
* and others (see AUTHORS for details). | ||
* Copyright 2014, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above, wrong copyright and author name.
Should be just:
Copyright 2017, Your Name <your-email@example.com>
I'll make requested changes tomorrow. Should I submit a patch to the ML or just updating the PR is OK ? |
I think just updating the pull request is enough. |
https://github.com/tiimgreen/github-cheat-sheet 🌮 ;) They have a lot of useful pro tips |
@ePirat : Done changes as requested. |
Cool to see a PR for this, any update on the status? we're currently trying to use XHR and the WebAudio API for streaming. This limitation of icecast is currently a blocker. |
Sorry, right now there are very few people working on Icecast and most are busy right now with other things. Big features like this require some coordination, regarding the config changes and such, so this is definitely not something I could do on my own. |
@ePirat ? Any chance ? |
Config example up top LGTM. +1 |
Desperately hoping for any news 😿 |
(Resolved conflicts, in case of ...) |
Thanks a lot for the conflict resolution! I will have another look and do some more testing this week. |
src/cfgfile.c
Outdated
return; | ||
} | ||
for (length = 0; origins[length]; length++); | ||
for(int step = 0; step <length; step++) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use { }
here, makes it clearer that those are nested loops.
(Nitpick: space after for
is missing, same for the one below, and the if
)
src/cfgfile.c
Outdated
int length; | ||
char *temp; | ||
|
||
if (!origins || !origins[1]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this checking for origins[1]
instead of origins[0]
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Means if there are no origins or only one origin (just 0 and not 1)
, there is not need to sort`
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it guaranteed origins
always has at least 2 entries (a string and NULL ptr)? Else you could read out of the array bounds with origins[1]
when not checking origins[0]
first.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, possible values are :
- origins = null
- origins = &{string, null}
- origins = &{string, string, null}
- etc ...
But you're right, this part is not explicit as it should be, I will refactor it
In general this looks ok and seems to work as I would expect. Thank you very much for the contribution! We still need a second reviewer (ph3) before we can merge. For this purpose I would like to push your code to a branch on the git.xiph.org Icecast repo, as Github is just a mirror. |
I will make the two fixes you requested above tonight, I'll mention you when pushed here for the branch creation. |
@ePirat : Tried to make it more readable. Hope it's ok for you. |
Create the branch with your PR: jucrouzet-CORS |
Thanks @jucrouzet and @ePirat. I am excited to be finally be able to use @jucrouzet's excellent https://github.com/jucrouzet/icecast.js. That would also answer my question #15. Would it be possible for this feature to be cut into a new point release? |
It's not even merged yet, as I already explained previously, the purpose of the branch is to make review easier.
No, thats not how our versioning works. |
I apologize for not correctly interpreting your message. I am sorry. I look forward to if and when this gets released in icecast server. As I said, I am excited to be able to use this + icecast.js. Thanks. |
No problem, I am looking forward to get this into Icecast as soon as we can, too. |
Happy birthday to this PR 🎂 ;) |
Hi @ph3-der-loewe , Would it be possible for you to please review the following branch - http://git.xiph.org/?p=icecast-server.git;a=shortlog;h=refs/heads/jucrouzet-CORS ? This would help add a functionality that would be very useful for @jucrouzet and me, and I presume others as well. Hi @ePirat , I am not sure if ph3 is active on github. In case he prefers a different channel for communication, could you please help share that? The aim is to connect with him to request him to review the above PR. Hopefully, the above PR is merged and then released so that the functionality can be used. I would really appreciate all your help. Danke. |
I already asked him to review it a while ago. |
Hi @dm8tbr, Would it be possible for you to please review the following branch - http://git.xiph.org/?p=icecast-server.git;a=shortlog;h=refs/heads/jucrouzet-CORS ? This would help add a functionality that would be very useful for @jucrouzet and me, and I presume others as well. Danke. |
Hello all As everyone else, I'm really looking forward to see this. In fact I need this a lot because I'm building a website that helps all webradio owners to create cool web interfaces. My last solution to counter the lack of OPTIONS method support in Icecast, is to perform a request to my own backend and then perform a curl request on Icecast.. which begin to seems like an overkill 😛 Anyway, it would be great that Icecast PR reviewers could check this asap and merge ! Thanks a lot |
@mydnic I think it would be very unfair to suggest that the Icecast reviewers are not active. Just looking at the commits in the repository should be enough to indicate that @ph3-der-loewe is active and busy patching Icecast. More importantly, @ePirat has been very helpful and supportive. In terms of what can be done - I am not in a position to comment. Unfortunately, current efforts in getting this patch reviewed have largely been unsuccessful. @ePirat It may be entirely possible that this patch may have fallen off the radar of @ph3-der-loewe - it happens all the time with all of us volks. Would it be possible for you to please remind him again? |
He already had a quick look a few days ago. We are currently preparing a new beta release and a maintenance release for 2.4.x, I am sure once he has time, that he will have a detailed look at it. |
Polite reminder. |
Good morning,
On Fri, 2018-06-08 at 15:20 +0000, Brahmasmi wrote:
Polite reminder.
@ePirat @dm8tbr @ph3-der-loewe.
Here is a little status update:
* In mean time I rebased the patch several times to master (as
master moved since the path was supplied). You can find it in
the branch ph3-jucrouzet-CORS-orig.
* We currently work on a new stable release as well as there is
some work on the build system for current development. This also
requires time from the team.
* tbr expressed his interest in including the patch in the next
beta.
* The patch still has some major problems, such as:
* Fails to build for me.
* Does not use correct types (int vs. size_t, ...).
* Does implement it's own sorting function.
* Does bypass the ACL layer, may allow harmful remote
access.
* Does not use correct coding style.
* I think that those problems are best handled with me re-writing
parts of it. Including fundamental support for OPTIONS-method.
The actual patch would be applied ontop of that.
* We already reorganized how requests are handled internally,
allowing more simple OPTIONS support.
The patch is still on my radar. Yet there are some tasks that need to be
done before.
Generally speaking there is some process, however I fear it can hardly
been seen from the outside. :(
Hope that updates helps.
With best regards,
PS: Is there a ticket for us on our side? Github is like the worst place
in the two universes to discuss software related stuff.
…--
Philipp.
(Rah of PH2)
|
Good evening,
I just added some experimental support for OPTIONS. You can find it in
branch ph3-options.
With best regards,
…--
Philipp.
(Rah of PH2)
|
Thank you @ph3-der-loewe for your response. I apologize for the delay in my reply. I see that you have merged the ph3-options branch in the master. Thanks for that. With respect to the problems with the patch, I am afraid I cannot comment on it or provide help with it. I am just a user who hopes to see a simple browser play an Icecast stream. @jucrouzet - If it is possible, could I request you to please collaborate with @ph3-der-loewe on this patch. I am not sure what channel or mechanism of collaboration would be suitable, but I am sure @ph3-der-loewe would be able to share it with you. I am requesting you, since you are the original author of this patch, and might be able to collaborate with @ph3-der-loewe on it. Thanks once again to @jucrouzet for the patch and @ePirat @dm8tbr and @ph3-der-loewe for their help and support. |
A simple browser can play an Icecast stream already just fine. It's the advanced use cases that require a more complete CORS implementation. This is what this is about. Our stated goal is to have this included in the 2.5 release, this has not changed. Ideally, it will be already part of the next beta to give it wider test exposure. I would kindly ask to not "poke" or "bump" this issue as there is nothing it will accomplish or accelerate, aside from eating into our time that could be spent actually working on this. From this point on, everyone please keep it to technical discussion on the implementation of CORS. |
Philipp now finished the manual merge, rework and feature work on CORS. Everything is on the master branch and will ship as part of beta 3. I'm thus closing this. |
Merci beaucoup @jucrouzet. Danke @ePirat @dm8tbr and @ph3-der-loewe. If I may ask, would we happen to know the timeline for the 2.5 release (full, not beta)? Dhanyavaad. |
It will ship once it is considered done.
There is no specific timeline except for the above order of events. If there are commercial entities interested in accelerating this process, please contact me directly to discuss options of contracting core developers, enabling them to spend more than their spare time on Icecast. |
Danke @dm8tbr for sharing the order of events. I understand and appreciate the inability of anyone to forecast future. By timeline, I meant the order of events. Apologies for my incorrect choice of words. |
Introduces a real handling of CORS requests as a replacement of just setting a
Configuration model :
This feature will allow a full-JS HTML5 player with MetaData synchronization for example.