One of the biggest missed opportunities thus far with HTTP/2 ("H/2") is that we are not yet able to sunset WebSockets in favor of H/2. Web Sockets and H/2 both support multiplexing messages bi-directionally and can send both textual and binary data.
Server Sent Events ("SSE"), by contrast, are not bi-directional (they're a "server-push-only" channel) and binary data cannot be sent easily. They are, however, very simple to implement. Adding to the menagerie of options, RTCPeerConnection
can also be used to signal data to applications in a low-latency (but potentially lossy) way.
Because H/2 does not support the handshake (upgrade) that WebSockets use to negotiate a connection (abandoned draft approach to repairing here), web developers are faced with a complex set of choices regarding how to handle low-latency data updates for their apps.
Web apps may benefit from a WebSocket-like API for receiving data updates without a custom protocol (e.g., Web Sockets or SSE) and associated infrastructure. An API for H/2 push receipts seems like a natural solution to this quandry, but H/2 has created a non-origin sharing concept for pushed responses. The upshot is that H/2's behavior needs to be futher constrained to only consider single origins (or URLs) so that an application is not incidentially confused by pushes into a shared H/2 cache by an app for which the server is also authoritative but which the application does not wish to trust.
The Server Sent Events API, perhaps, provides a way forward. What if, instead of only connecting to SSE-protocol supporting endpoints, a call to new EventSource(...)
could also subscribe to pushed updates to individual URLs (or groups of URLs) and allow notifiation to the application whenever an H/2 PUSH_PROMISE
resolves?
A minor extension to SSE might allow use of H/2 push as a substrate for delivering messages, with a slight modification of the event payload to accomodate providing Response
objects as values:
// If an H/2 channel is open, any PUSH_PROMISE for the resource at
// `/endpoint` will trigger a "resourcepush" event
let es = new EventSource("/endpoint", {
withCredentials: true
});
es.addEventListener("resourcepush", (e) => {
console.log(e.data instanceof Response);
});
Opting in to globbing for all push promises below a particular scope might look like:
// Any resource pushed to "/endpoint" or anything that matches that
// as a prefix will deliver to this handler
let es = new EventSource("/endpoint", {
withCredentials: true,
matchScope: true
});
es.addEventListener("resourcepush", (e) => {
console.log(e.data.url);
});
// If multiple handlers are installed, it's longest-prefix-wins, ala
// Service Workers:
let es = new EventSource("/endpoint/channel", {
withCredentials: true,
matchScope: true
});
// If a push is sent to `/endpoint/blargity`, will be handled by previous source
// If a push is sent to `/endpoint/channel`, `/endpoint/channel1`, or
// `/endpoint/channel2`, it will be delivered below:
es.addEventListener("resourcepush", (e) => {
console.log("channel-pushed resource:", e.data.url);
});
"resourcepush"
is a terrible name.- should updates to previously pushed resources be opt-in instead of transparent?
- do we need a version of this API that allows delivery to Service Workers?
- how much of a problem is the H/2 vs. Origin Model split in practice? Do we actually know?
- via Ryan Sleevi, to what extent should we allow subscriptions to any origin?
A notable downside of the proposed design is that it might "miss" same-origin payloads sent earlier in the page's lifecycle over the channel. One could imagine a version of the proposal that adds a flag to enable subscription-time delivery of these resources so long as they're still in the push cache. Putting this feature as another optional flag feels clunky, though.
One way to make it less clunky would be to describe the API in terms of an Observer pattern (e.g. Intersection Observer). The above example might then become:
let options = {
path: "/endpoint",
withCredentials: true,
matchScope: true
};
let callback = (records, observer) => {
records.forEach((r) => {
console.log(r instanceof Response); // === true
};
};
let resoureObserver = new ResourceObserver(callback, options);
This feels somewhat better as one of the key distinguishers of Observer-pattern APIs is their ability to scope interest in a specific subset of all events internal to the system. We also dont need to cancel delivery, so phraising it as an Event might not be great. It is, however, much more new API surface area.
Another considered alternative might instead put registration for listening inside a Service Worker's installation or activation phase; e.g.:
self.addEventListener("install", (e) => {
e.registerResourceListener("/endpoint", {
withCredentials: true,
matchScope: true
});
});
self.addEventListener("resourcePush", (e) => {
console.log("channel-pushed resource:", e.data.url);
});
This is interesting because it would allow us to avoid delivering these events to all windows and tabs which are open, and doesn't upset our design goal for Service Workers to be shut down when not in use. The ergonomics suffer somewhat: what about pages that don't have a SW (e.g., first-load)? Does handling resource pushes then gate on SW install time (which can take a long while)? Also, Response
objects can't be sent postMessage
to clients as they aren't structured-clonable, meaning the SW would need to signal to a page that an update is available and then, perhaps, transfer the data by extracting it from the Response
body to send via postMessage
or transfer using the Cache API.
I was editing an RFC about multiplexing for WebSockets, but it's been abandoned in favor of H2. For now, WebSockets are bidirectional but not multiplexed at all. There has been several proposals of WS/H2 made but nothing's standardized/implemented yet.
What's described in jakearchibald's post is really what's been envisioned for Streams/Fetch integration. It would hopefully realize bi-directional multiplexed communication within the standard HTTP semantics.
That said, WebSockets have an established ecosystem (community, infrastructure, code, library, etc.). According to Chrome's statistics, 4% of page visits are using WebSockets. My gut impression is that both fetch()/Streams and WebSocket API would continue working as a pair of wheels for the Web for a while, at least the API and possibly the framing would also.
To address the issues in the abandoned proposal https://tools.ietf.org/html/draft-hirano-httpbis-websocket-over-http2-01, I've been working on https://tools.ietf.org/html/draft-yoshino-wish-03, and Patrick from Mozilla has just also proposed WS/H2 bootstrapping idea https://tools.ietf.org/html/draft-mcmanus-httpbis-h2-websockets-00. I'm investigating his proposal now.
Notifying pushed resources to the page and allowing them to be used easily is also important topic in terms of better resource loading, but should be discussed separately, I think. I feel that PUSH_PROMISE is not the right tool for building something replacing WebSockets as benaadams@ analyzed above. Comet/H2 would just work well for some cases.
I agree that it can be something EventSource-like (in terms of subscribing to some identifier and receiving multiple events notifying some changes received), but it should be a separate API, I think, as EventSource is designed to be raw data communication interface, not about resources. It would be confusing if we mix it with the "resourcepush" stuff which is very different from the original semantics.
window.Cache is a part of the CacheStorage API. AFAIU, it's not an abstraction of the HTTP cache of a UA though it's closely related.
But I agree that the interface for probing PUSH_PROMISE should be not specific to PUSH_PROMISE but more generalized HTTP cache probing interface. It looks Ilya also said so in https://gist.github.com/slightlyoff/18dc42ae00768c23fbc4c5097400adfb#gistcomment-2227368. Do we want to distinguish refreshing of a cache entry by push and one by re-validation/reload/etc.? My understanding has been no, though I might missing some point.
IIUC, the goal of such interface is
Am I understanding correctly?
So, it would be something like as follows, I guess: