Hi, folks
gRPC was originally developed by Google and is a high-performance remote
procedure call framework based on HTTP/2 implementation. But because the
browser does not directly expose HTTP/2, Web applications cannot directly
use gRPC.
gRPC-Web is a standardized protocol that solves this problem. You can use
gRPC in the browser and provide a JavaScript implementation of gRPC for the
browser client.
The principle is to create an end-to-end gRPC pipeline that is compatible
with HTTP/1.1 and HTTP/2, and then the browser sends a regular HTTP request
to the gRPC-Web between the browser and the server The proxy converts the
request and response.
Currently Envoy provides proxy and conversion capabilities of the gRPC-Web
protocol. I think Apache APISIX can provide friendly proxy support for
gRPC-Web through plugin, which is meaningful to front-end developers. You
can use a more native way to develop microservices or applications based on
gRPC.
The following are the relevant configuration and technical details.
Plugin Name:
- grpc-web
Plugin Configuration:
{
"strip_path":false
}
strip_path: strip request routing prefix, If set to true, stripped request
path will be passed to upstream gRPC service
Detail:
1、What Apache APISIX needs to do ?
gRPC-Web Client <--> Proxy <--> gRPC Service
Implement Proxy, complete the decoding of data from gRPC-Web data to gRPC
Server and the encoding of gRPC Server response to gRPC-Web.
2、Data Format: Use the protoc-gen-grpc-web plugin to generate proto
messages and the service client stub from your .proto
2.1 protoc-gen-grpc-web mode=grpcwebtext: The default generated code sends
the payload in the grpc-web-text format.
- Content-type: application/grpc-web-text
- Payload are base64-encoded.
- Both unary and server streaming calls are supported.
2.2 protoc-gen-grpc-web mode=grpcweb: A binary protobuf format is also
supported.
- Content-type: application/grpc-web+proto
- Payload are in the binary protobuf format.
- Only unary calls are supported for now.
refer to: [1]
3、CORS Support:
3.1 Should follow the CORS spec (Mandatory)
- Access-Control-Allow-Credentials to allow Authorization headers
- Access-Control-Allow-Methods to allow POST and (preflight) OPTIONS only
- Access-Control-Allow-Headers to whatever the preflight request carries
3.2 The client library is expected to support header overwrites to avoid
preflight
3.3 CSP support to be specified
refer to: [2]
For more information and use about grpc-web protocol, please refer to:
[3]、[4]、[5]
[1]
https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-WEB.md#protocol-differences-vs-grpc-over-http2
[2]
https://github.com/grpc/grpc-web/blob/master/doc/browser-features.md#cors-support
[3] https://www.npmjs.com/package/grpc-web
[4] https://github.com/grpc/grpc-web/blob/master/doc/browser-features.md
[5] https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-WEB.md
--
Thanks,
Janko
