SAMP browser plugin? Re: SAMP and HTTPS workaround?

Mark Taylor M.B.Taylor at bristol.ac.uk
Thu Oct 17 15:28:10 CEST 2019 

Sonia,

I haven't attempted to follow the details, but this sounds really hopeful.
Thanks for the trials so far, and I look forward to hearing more.
One question for now: do you expect the extension communication with
the hub to be using the Web Profile or Standard Profile?

Regarding the mailing lists: apps-samp is archived at

   http://mail.ivoa.net/pipermail/apps-samp/

though that link doesn't appear on the main mailing lists page.
I think it makes sense to continue the discussion on this list:
I will post a message on the apps list to make it clear that's
happening, in case anybody is subscribed to that list but not
this one and wants to follow.

Mark


On Thu, 17 Oct 2019, Zorba, Sonia wrote:

> Dear all,
> I'm not completely sure you received my previous mail (I wasn't in the
> apps-samp list yet). Anyway, I would just like to share some results
> I've found.
> 
> I did a couple of experiments and I was able to perform an http call
> from an https page using a Browser Extension (same code for Firefox
> and Chrome).
> Indeed the docs specify that extensions can obtain extra permissions:
> «XMLHttpRequest and fetch access to those origins without cross-origin
> restrictions» (https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions)
> 
> To achieve this it is necessary to add the specific permission in the
> manifest.json:
> "permissions": [
>   "*://localhost/*"
> ]
> 
> Browser Extensions have 2 kinds of scripts: content script and
> background script.
> Firefox allows the cross-origin call from both the scripts, Chrome
> only from the background script (solvable passing from the content
> script to the background script: https://stackoverflow.com/a/55215898)
> Trying to do the call from the content script Chrome blocks the
> request due to CORB (another recent thing to consider together with
> CORS, https://www.chromium.org/Home/chromium-security/corb-for-developers)
> I didn't receive any "mixed content" error.
> 
> A custom event can be used to call the extension content script from a
> page script:
> document.dispatchEvent(new CustomEvent('eventToSampExtension', {
> detail: data }));
> 
> So, the flow could be something like: page script --(event)->
> extension content script --(extension API)-> extension background
> script --(http)-> SAMP hub
> 
> I hope to be able to share some working code in the next weeks.
> 
> Cheers,
> Sonia
> 
> 
> Il giorno gio 17 ott 2019 alle ore 11:07 Thomas Boch
> <thomas.boch at astro.unistra.fr> ha scritto:
> >
> > Mark,
> >
> > Le 14/10/2019 à 18:33, Mark Taylor a écrit :
> > > I think the only way to take this forward is to experiment and
> > > try it out, so we'd need some volunteers to try to write plugins
> > > for different browsers.  Writing browser plugins is far from
> > > my area of expertise, so I'm not volunteering.  Sonia Zorba
> > > suggested in Groningen that she might be willing to have a go,
> > > and Thomas's "quite like the idea of developing a plugin" sounds
> > > like it could be an offer too...
> >
> > Yes indeed, that's something I'm willing to experiment with.
> >
> > Thomas
> 

--
Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-9288776  http://www.star.bris.ac.uk/~mbt/

More information about the apps-samp mailing list