-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WASM headers for online #3258
Comments
Nope - we should run our WASM off the main thread, and do load, rendering etc. in the background; while continuing to render the UI in the main-thread with the same front-end code as now. |
In that case the header should not be needed as far as @danxuliu told me |
Hmm - ok ? it seems that we need the parent frame of our iframe to have this @Ashod can you provide more details; quite possibly I've mistaken what's up here I think. Quite possibly our startup WASM runs in the main thread initially (not sure). |
I believe we need these two headers when serving the parent:
Also had to add script-src unsafe-eval to the CSP header of our frame/js/wasm serving, but we will find out if that is required when we load with the above headers as the missing unsafe-eval was mentioned in the error message. |
unsafe-eval would be quite an impactful change security wise. For the others I pushed a quick PR to #3260 which should achieve setting those headers for Nextcloud. However we should of course get more clarify about which headers to add in the end, why and its implications. |
unsafe-eval sounds bad; but I think we can do that with wasm-eval in future :-) thanks Julius. |
@juliushaertl, I'd like to run some tests locally. Any chance to get the draft PR polished so I can build locally and test? |
@Ashod Pushed and should be testable with that now. |
Thanks @juliushaertl. The PR branch being out-of-date shouldn't be an issue? @caolanm, does #3260 work for you? Are you able to apply it and build? |
I have this patched richdocuments and a local nextcloud install. I can see it has an effect, but right now if I open a document, without wasm, then I just get an error of: [getWopiUrl] http://localhost/nextcloud/index.php/apps/richdocuments/wopi/files/7_oca1b28l9m0b url.js:42:9 |
Seems this was caused by those two headers: #3258 (comment) I pushed a fix up to the PR. |
It seems that these two headers block maps and memories to load tiles and thumbnails/pictures
|
Yeah, isn't it possible to achieve everything via CSP for the very individual pages of the Nextcloud Office app that require it, instead of globally for all Nextcloud? While it breaks other apps, the only workaround seems to be to set
Hmm, only CSP option seems to be @droogi could you open a new issue here about this? Actually not good to discuss in a closed one. |
As asked for by @mmeeks we would need to have
wasm-unsafe-eval
CSP headers set for WASM experiments currently taking place.I checked back and we have a partly mechanism available to set those by nextcloud/server#38082 this is however not used yet by Nextcloud Talk, as there the wasm is running in a service worker which doesn't require this.
We should be able to add those headers of course, just some additional questions:
@mmeeks To you have a need to run the online wasm in the main thread? As far as I understood this could have a significant impact on browser responsiveness.
The text was updated successfully, but these errors were encountered: