-
edhelas
Who is planning to implement 0461 ?
-
pep.
edhelas: there's already https://fosstodon.org/@polynomdivision/107921082993522502 apparently
-
lovetox
moparisthebest, what is now the prefered solution for websocket?
-
lovetox
should i remove it completely?
-
lovetox
is there a use case for desktop clients?
-
lovetox
i originally replaced bosh with it
-
lovetox
but i ask myself now if there is a situation where you would want to use websocket instead of tcp on a desktop
-
Link Mauve
lovetox, when you have a really bad firewall on your network usually.
-
Link Mauve
Or when the server only has that configured.
-
lovetox
the firewall thing is stated often, but im not particular inclined to provide a software for people that circumvent their work enviroments
-
Link Mauve
lovetox, the preferred solution for discovering WebSocket (and BOSH) endpoints is to follow the HTTP workflow of XEP-0156.
-
Link Mauve
It’s not just work, it’s also airports, schools, universities, some cafés.
-
lovetox
Link Mauve, why you disabled websocket on jabber.fr?
-
Link Mauve
Oh did we?
-
Link Mauve
IIRC there was an issue with some version of Converse, which started preferring it to BOSH, and I didn’t have time to investigate.
-
Link Mauve
At the time, BOSH was generally better than WebSocket, now that XEP-0198 can be done over WebSocket it’s probably the opposite..✎ -
Link Mauve
At the time, BOSH was generally better than WebSocket, now that XEP-0198 can be done over WebSocket it’s probably the opposite. ✏
-
Link Mauve
Do you do 0198 in that case?
-
Link Mauve
It would be better if this /.well-known/host-meta had a way to tell clients about preferences, but alas the web always has to reinvent SRV poorly…
-
Link Mauve
Converse doesn’t seem to notice websocket being blocked by CSP.
-
lovetox
CSP?
-
lovetox
i mean in your hostmeta file websocket is commented out
-
lovetox
meaning i have no way of testing my code :)
-
Zash
Content-Security-Policy, a browser thing
-
lovetox
yes i do 0198 over websocket
-
lovetox
is this useless?
-
lovetox
because we always know if a message reached the server?
-
Zash
No, 198 is good
-
Zash
The thing is that BOSH has equivalent functionality built in, so WS needs 198 to be comparable
-
Link Mauve
lovetox, it isn’t commented out any longer, but also still not working.
-
lovetox
k thanks, yeah its enough for me to retrieve the uri from somewhere
-
Link Mauve
Heh, module:list() | grep websocket → *crickets*
-
Link Mauve
But since we haven’t updated since the previous CVE, I won’t enable it today.
-
Link Mauve
lovetox, I will comment it out again in the host-meta, unless you want to continue debugging.
-
Link Mauve
I will uncomment it once we are ready to reboot the server for upgrades.
-
lovetox
hm would be cool if you could leave it until tomorrow
-
lovetox
im just finishing the code
-
Link Mauve
That prevents our web users from being able to connect at all. :/
-
Link Mauve
Couldn’t you pick any of the other correctly-configured servers here? https://compliance.conversations.im/test/xep0156/
-
lovetox
no, your users can wait till tomorrow
-
lovetox
:) of course then comment it out, i take another server
-
moparisthebest
lovetox: websocket is valuable, just needs looked up via host-meta, and I'd probably suggest standardizing on host-meta json, it's in the RFC
-
moparisthebest
In fact I'm going to propose an update to '156 saying that...
-
lovetox
but thats to late
-
lovetox
now everyone implemented updated it and probably everybody uses whats in the xep the xml
-
lovetox
just leave it at that
-
lovetox
as this are xmpp clients, all software deals with xml anyway
-
lovetox
i dont even know why there is a second solution here
-
moparisthebest
lovetox: because it's in the host-meta RFC
-
lovetox
?
-
moparisthebest
And all XMPP clients should be doing posh anyway which is json only
-
lovetox
and its also in the XEp
-
lovetox
why do you need to standardize on json
-
moparisthebest
The json representation is in the host-meta RFC too I mean
-
lovetox
ok you mean thats why its in the XEP
-
moparisthebest
It makes sense to standardize on one instead of always grab both
-
lovetox
but it does not explain why you want to remove the xml represantation
-
Link Mauve
moparisthebest, no need to fetch both, as the XRD version is required to be present.
-
lovetox
moparisthebest, we dont need to grab both, because one is optional and the other not currently
-
moparisthebest
And fun fact: the example XML in the host-meta RFC is invalid according to the XRD spec, it doesn't validate
-
lovetox
if you change this now, THEN we definitly need to grab both
-
moparisthebest
You already have to grab both, I'd like to strongly recommend only grabbing the json
-
lovetox
no
-
lovetox
json is optional
-
moparisthebest
Also the XRD spec website has a "always valid look to the latest xsd" that returns 404 lol✎ -
moparisthebest
Also the XRD spec website has a "always valid link to the latest xsd" that returns 404 lol ✏