Hi all.
Does anyone here know what the deal is with upload.wikimedia.org/crossdomain.xml ? I couldn't find it anywhere in the puppet repository. I was under the impression that it was so cortado java applet could play video files. However its current value is:
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> <allow-http-request-headers-from domain="*" headers="X-Range" /> </cross-domain-policy>
And java (or at least some versions. Docs are a bit scarce. The old version I have installed - 1.6.0_12 follows this at any rate), seem to indicate that java doesn't support the "allow-http-request-headers-from" element, and will ignore the file if present. Thus if you get past the whole applet is unsigned (not easy on modern java), you will be burned by the same origin policy preventing loading from upload.wikimedia.org since java doesn't like the crossdomain.xml
Thus I'm wondering what the "<allow-http-request-headers-from domain="*" headers="X-Range" />" is for. What else do we use that looks at this file? (Flash would be the most obvious candidate for using such a file. ). Why would it want to allow an "X-Range" header anyways? Isn't the header named "Range" without the X- ? In my quick test, sending an x-range header did nothing.
--bawolff
That X-Range header was an experiment me and Faidon tried for the ogv.js media player I've been prototyping (Flash fallback version) . We couldn't get the extra header -- or the regular Range header -- to work through the varnish layer though, so current code doesn't use it.
Its safe to remove that part from the file.
I'm going to recommend something like DASH streaming to better handle seeking, dynamic resolution changes, and clean buffering & http cache friendliness; will put some notes together on that in a bit, probably months out from prototyping it.
(Long story short, a media stream is divided into small chunks of video or audio, those get loaded a couple at a time over plain http/https, and the player stitches them back into a continuous stream - but with the ability to switch resolution s at, or seek to, any packet boundary without any partial content stuff.)
-- brion On Jul 5, 2014 12:58 AM, "Brian Wolff" bawolff@gmail.com wrote:
Hi all.
Does anyone here know what the deal is with upload.wikimedia.org/crossdomain.xml ? I couldn't find it anywhere in the puppet repository. I was under the impression that it was so cortado java applet could play video files. However its current value is:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy> <allow-access-from domain="*" /> <allow-http-request-headers-from domain="*" headers="X-Range" /> </cross-domain-policy>
And java (or at least some versions. Docs are a bit scarce. The old version I have installed - 1.6.0_12 follows this at any rate), seem to indicate that java doesn't support the "allow-http-request-headers-from" element, and will ignore the file if present. Thus if you get past the whole applet is unsigned (not easy on modern java), you will be burned by the same origin policy preventing loading from upload.wikimedia.org since java doesn't like the crossdomain.xml
Thus I'm wondering what the "<allow-http-request-headers-from domain="*" headers="X-Range" />" is for. What else do we use that looks at this file? (Flash would be the most obvious candidate for using such a file. ). Why would it want to allow an "X-Range" header anyways? Isn't the header named "Range" without the X- ? In my quick test, sending an x-range header did nothing.
--bawolff
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On 7/6/14, Brion Vibber bvibber@wikimedia.org wrote:
That X-Range header was an experiment me and Faidon tried for the ogv.js media player I've been prototyping (Flash fallback version) . We couldn't get the extra header -- or the regular Range header -- to work through the varnish layer though, so current code doesn't use it.
What problem did you experience? At first glance, the range header appears to work for me. (Although whether varnish actually caches ranged responses is unclear)
Its safe to remove that part from the file.
I'm going to recommend something like DASH streaming to better handle seeking, dynamic resolution changes, and clean buffering & http cache friendliness; will put some notes together on that in a bit, probably months out from prototyping it.
(Long story short, a media stream is divided into small chunks of video or audio, those get loaded a couple at a time over plain http/https, and the player stitches them back into a continuous stream - but with the ability to switch resolution s at, or seek to, any packet boundary without any partial content stuff.)
That definitely sounds cool.
--bawolff
On Sat, Jul 5, 2014 at 11:23 PM, Brian Wolff bawolff@gmail.com wrote:
On 7/6/14, Brion Vibber bvibber@wikimedia.org wrote:
That X-Range header was an experiment me and Faidon tried for the ogv.js media player I've been prototyping (Flash fallback version) . We couldn't get the extra header -- or the regular Range header -- to work through
the
varnish layer though, so current code doesn't use it.
What problem did you experience? At first glance, the range header appears to work for me. (Although whether varnish actually caches ranged responses is unclear)
From the Flash level we can't actually send the Range header as it's
blacklisted; the theory was to send a secondary header which we could translate in Varnish; I don't recall the details now of whether that translation was flaky or whether Flash still wouldn't even send that header.
-- brion
On Sat, Jul 05, 2014 at 09:09:07PM -0700, Brion Vibber wrote:
That X-Range header was an experiment me and Faidon tried for the ogv.js media player I've been prototyping (Flash fallback version) . We couldn't get the extra header -- or the regular Range header -- to work through the varnish layer though, so current code doesn't use it.
Its safe to remove that part from the file.
Removed :) Thanks Brian.
Faidon
On 7/6/14, Faidon Liambotis faidon@wikimedia.org wrote:
On Sat, Jul 05, 2014 at 09:09:07PM -0700, Brion Vibber wrote:
That X-Range header was an experiment me and Faidon tried for the ogv.js media player I've been prototyping (Flash fallback version) . We couldn't get the extra header -- or the regular Range header -- to work through the varnish layer though, so current code doesn't use it.
Its safe to remove that part from the file.
Removed :) Thanks Brian.
Faidon
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Thanks for the quick response.
However on my test (This might be related to not having updated java in something like 4 years. Using 6u12), it still doesn't work.
I think java is looking for the dtd to be http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd not http://www.adobe.com/xml/dtds/cross-domain-policy.dtd At least that's the only difference I could see between the doc examples and what wikimedia is using. Googling suggests java is very picky about the crossdomain.xml files
--bawolff
wikitech-l@lists.wikimedia.org