[ 
https://issues.apache.org/jira/browse/TS-3474?focusedWorklogId=28576&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-28576
 ]

ASF GitHub Bot logged work on TS-3474:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Sep/16 09:36
            Start Date: 09/Sep/16 09:36
    Worklog Time Spent: 10m 
      Work Description: Github user atsci commented on the issue:

    https://github.com/apache/trafficserver/pull/833
  
    FreeBSD build *successful*! See 
https://ci.trafficserver.apache.org/job/Github-FreeBSD/763/ for details.
     



Issue Time Tracking
-------------------

    Worklog Id:     (was: 28576)
    Time Spent: 5h 20m  (was: 5h 10m)

> HTTP/2 Server Push support in ATS
> ---------------------------------
>
>                 Key: TS-3474
>                 URL: https://issues.apache.org/jira/browse/TS-3474
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: HTTP/2
>            Reporter: Sudheer Vinukonda
>            Assignee: Masakazu Kitajo
>             Fix For: 7.0.0
>
>          Time Spent: 5h 20m
>  Remaining Estimate: 0h
>
> I've done some preliminary analysis/prototype of SPDY server push support in 
> ATS, but, ran into a problem with browser (chrome) support for HTTPS cross 
> origin resource push (which is sort of critical in the way, our CDN works). 
> Wanted to open this Jira to share this info with the community and ask for 
> suggestions/opinions.
> Basically, there are 3 approaches in supporting Server push at the proxy 
> layer:
>  - Origin Driven
>  - Client Driven
>  - Proxy Driven
> Origin Driven approach relies on the origin passing pushable resources as 
> special headers in the response to a base page, for instance. We are 
> exploring making use of the HTTP LINK header for this purpose. The proxy 
> would basically initiate PUSH streams to the client for the resources 
> identified by the LINK headers in the base page response and at the same 
> time, fetch those resources by initiating internal SPDY requests. There are a 
> few things to consider such as whether the pushable resources should be 
> limited to only cacheable resources? Whether non-https resources can be 
> pushed on a https connection, vice-versa etc.
> Client Driven approach relies on the Referrer header sent by the client and 
> ATS building dynamically a set of associated resources for a given base page 
> request url. Once such a list is built, the rest of the mechanism is similar 
> to the Origin driven approach.
> Proxy Driven approach is mainly for proto-typing purpose and relies on the 
> proxy extracting/unzipping/parsing the response body and identifying pushable 
> resources and initiating the push resources similar to the other approaches 
> above.  This is performance intensive and will need some optimizations in not 
> having to parse every response, but doing it based on some sort of 
> count/frequency of the access. 
> I did some prototyping and was able to push resources, but, realized there 
> are some stumbling blocks. For example, Chrome doesn't permit cross origin 
> HTTPS resources to be pushed (even if certs were presented for both the 
> original and push domain). See below email from Chrome indicating that they 
> won't fix this behavior.
> https://code.google.com/p/chromium/issues/detail?id=408317
> Here's the summary of the response from Chrome:
> {code}
> "It's very much by design that cross-origin HTTPS push streams are being 
> rejected. The central reason is that the session isn't authenticated for the 
> pushed origin.
> The specific requirement is also that a push stream match the origin of it's 
> declared associated stream. This is true even of a SPDY session which 
> presented certs & authenticated for both the associated & push origins: you 
> still need to arrange for an associated stream on the origin for which you'd 
> like to push. The --trusted-spdy-proxy flag relaxes this somewhat, in that it 
> allows cross-origin HTTP push streams (but not HTTPS).
> The implementation block you point to is indeed where this logic lives.
> There aren't any immediate plans to enable cross-origin HTTPS push, though 
> there are continuing conversations about how it might be done. It'd need to 
> be done very carefully.
> "
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to