webrepl: Allow the page to run from the device (over HTTP). #70
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
websocket_helper.py wasn't useful as a standalone library outside of webrepl_cli.py. Removes unused server_handshake function. Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
The device will respond to a non-WS request with a simple page that loads websocket_content.js from a static host (http or https). However, even if the resources are https, the page is still http and therefore allows requesting to a WS (not WSS) websocket on the device. Updated the warning about HTTPS and the default-ws-URL logic. Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
|
There are two other alternatives for solving this:
Also note that webrepl_content.js shouldn't be included in this commit (and I will add a .gitignore for it) but it's just there for now for testing (so it will be served up by gitcdn). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an attempt to solve the issue where the publicly-hosted webrepl on
https://micropython.org/webreplis currently non-functional due to the page being served via https, but attempting to connect to a device hosting a non-secure websocket. See micropython/micropython#5266The new behaviour is that the device itself serves up the webrepl client, but in order to minimise space on the device it is a very minimal page that contains a script tag that loads
https://micropython.org/webrepl/webrepl_content.js. This then document.write's the HTML content that would have otherwise been loaded fromhttps://micropython.org/webrepl.So now the page is allowed to access the device over non-secure websocket (as the page itself is http, despite the resources were loaded via https), and furthermore it's same-origin.
See edit-with-link-to-main-repo-PR-when-submitted for the corresponding change to the on-device code.
This PR contains:
webrepl_content.jsas there's only HTML to escape.