是否可以使用 Http2 Cross-origin 推送请求?
Is a Http2 Cross-origin push request possible?
假设我有一台服务器在 url https://example.com/ 提供 HTML 文件,这指的是 url css 文件https://test.com/mystyles.css。是否可以将 mystyles.css 文件作为 HTTP2 连接的一部分与 html 内容一起推送,以便浏览器使用此 css 内容?
我试图通过发送 html 文件当请求到达 http://localhost/ 时,并在 :authority 或 Host header 中使用不同的 hostname/port 推送 css。但是,在 full-page 刷新时,CSS 文件是在服务器的单独请求中获取的,而不是使用推送的 css 文件。
请参阅 this gist 以获取我一直用来测试它的文件。如果我访问 http://localhost:8080/ 那么文本是红色的,但是如果我访问 http://test:8080/ 它是绿色的,这意味着如果来源相同,则使用推送的内容。
是否需要使用 header 的组合才能使其正常工作?可能调用 CORS?
是的,根据这个 blog post from a Chrome developer advocate 从 2017 年开始理论上是可行的。
As the owners of developers.google.com/web, we could get our server to
push a response containing whatever we wanted for android.com, and set
it to cache for a year.
...
You can't push assets for
any origin, but you can push assets for origins which your connection
is "authoritative" for.
If you look at the certificate for developers.google.com, you can see
it's authoritative for all sorts of Google origins, including
android.com.
Viewing certificate information in Chrome Now, I lied a little,
because when we fetch android.com it'll perform a DNS lookup and see
that it terminates at a different IP to developers.google.com, so
it'll set up a new connection and miss our item in the push cache.
We could work around this using an ORIGIN frame. This lets the
connection say "Hey, if you need anything from android.com, just ask
me. No need to do any of that DNS stuff", as long as it's
authoritative. This is useful for general connection coalescing, but
it's pretty new and only supported in Firefox Nightly.
If you're using a CDN or some kind of shared host, take a look at the
certificate, see which origins could start pushing content for your
site. It's kinda terrifying. Thankfully, no host (that I'm aware of) offers full control over HTTP/2 push, and is unlikely to thanks to this little note in the spec: ...
实际上,如果您的证书对其他域具有权限并且它们托管在同一 IP 地址,这听起来是可能的,但这也取决于浏览器支持。我个人尝试用 Cloudflare 做这个,发现他们不支持跨源推送(类似于博客 post 作者在 2017 年对 CDN 的观察)。
假设我有一台服务器在 url https://example.com/ 提供 HTML 文件,这指的是 url css 文件https://test.com/mystyles.css。是否可以将 mystyles.css 文件作为 HTTP2 连接的一部分与 html 内容一起推送,以便浏览器使用此 css 内容?
我试图通过发送 html 文件当请求到达 http://localhost/ 时,并在 :authority 或 Host header 中使用不同的 hostname/port 推送 css。但是,在 full-page 刷新时,CSS 文件是在服务器的单独请求中获取的,而不是使用推送的 css 文件。
请参阅 this gist 以获取我一直用来测试它的文件。如果我访问 http://localhost:8080/ 那么文本是红色的,但是如果我访问 http://test:8080/ 它是绿色的,这意味着如果来源相同,则使用推送的内容。
是否需要使用 header 的组合才能使其正常工作?可能调用 CORS?
是的,根据这个 blog post from a Chrome developer advocate 从 2017 年开始理论上是可行的。
As the owners of developers.google.com/web, we could get our server to push a response containing whatever we wanted for android.com, and set it to cache for a year.
...
You can't push assets for any origin, but you can push assets for origins which your connection is "authoritative" for.
If you look at the certificate for developers.google.com, you can see it's authoritative for all sorts of Google origins, including android.com.
Viewing certificate information in Chrome Now, I lied a little, because when we fetch android.com it'll perform a DNS lookup and see that it terminates at a different IP to developers.google.com, so it'll set up a new connection and miss our item in the push cache.
We could work around this using an ORIGIN frame. This lets the connection say "Hey, if you need anything from android.com, just ask me. No need to do any of that DNS stuff", as long as it's authoritative. This is useful for general connection coalescing, but it's pretty new and only supported in Firefox Nightly.
If you're using a CDN or some kind of shared host, take a look at the certificate, see which origins could start pushing content for your site. It's kinda terrifying. Thankfully, no host (that I'm aware of) offers full control over HTTP/2 push, and is unlikely to thanks to this little note in the spec: ...
实际上,如果您的证书对其他域具有权限并且它们托管在同一 IP 地址,这听起来是可能的,但这也取决于浏览器支持。我个人尝试用 Cloudflare 做这个,发现他们不支持跨源推送(类似于博客 post 作者在 2017 年对 CDN 的观察)。