-
Kev
How are people typically sharing 363 URLs - SIMS(385)?
-
jonas’
OOB.✎ -
jonas’
XEP-0066, OOB. ✏
-
Kev
OOB is iq-only, and doesn't include useful information like file size, does it?
-
Kev
Maybe I should go check.
-
jonas’
it is not iq-only
-
Kev
Ah, fab.
-
jonas’
see https://xmpp.org/extensions/xep-0066.html#x-oob
-
jonas’
it does not include useful information like file size, but it works and is widely deployed, which is all what counts I suppose
-
Kev
Still misses all the contenttype/size etc. info though :/
-
jonas’
(note the sarcasm)
-
Kev
Yeah, I specifically need filesize to be communicated.
-
jonas’
please push SIMS forward.
-
wurstsalat
or XEP-0447 ?
-
Kev
How are people managing fallback with OOB?
-
Ge0rG
Kev: let me tell you about HTTP HEAD
-
jonas’
Kev, fallback?
-
Ge0rG
Kev: some implementations require the oob url to be equal to the message body, others require it to be contained within the body
-
jonas’
OOB is only accepted by deployed clients if body == OOB-URL, otherwise it's ignored.
-
Kev
Ge0rG: I want to be avoiding any HTTP requests at all if the file is too large to download at the moment. I'm not thinking about Internet use, predictably.
-
jonas’
ah, so subset is ok too, apparently.
-
Ge0rG
jonas’: implementation-defined
-
Ge0rG
I'm not aware of anyone using iq-0066
-
Ge0rG
Kev: understandably
-
Kev
Ok, ta.
-
moparisthebest
Kev, just watch out, it's not like you can trust the size https://www.moparisthebest.com/httppppppppppp-upload/
-
Kev
I'm thinking about slightly special cases :)
-
Kev
(Although it's true the code should also work on the hostile Internet)
-
Tobias
has anyone seen HTTP File Upload components require the use of Cookie headers?
-
Zash
No but Prosody uses the Authorization header, which triggered implementation of header support in some clients that were missing it.
-
Kev
The question about Cookie's is particularly interesting, because Browsers might be Not Happy about setting cookies for particular cross-site requests.✎ -
Kev
The question about Cookies is particularly interesting, because Browsers might be Not Happy about setting cookies for particular cross-site requests. ✏
-
Kev
Whereas the auth header shouldn't pose any great problem.
-
Zash
I seem to remember the Auth header being special wrt CORS and in certain APIs
-
MattJ
Yes, those rules already apply to Authorization as well as Cookie
-
MattJ
and in general, not a problem as long as the service supports CORS correctly (i.e. allowing With-Credentials)
-
Kev
Authorization's just a case of having the CORS headers, AFAICS. I've been told today by webbish folks that cookies are much harder.
-
Tobias
According to https://xhr.spec.whatwg.org/#the-setrequestheader()-method you can't set Cookie as it's a forbidden name
-
Tobias
or do you have to go via withCredentials then?
-
Kev
withCredentials doesn't allow you to inject cookies, AFAK.✎ -
Kev
withCredentials doesn't allow you to inject cookies, AFAIK. ✏