Your SlideShare is downloading. ×
0
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

V2 peter-lubbers-sf-jug-websocket

3,811

Published on

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,811
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
133
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • WebSocket is text-only
  • Cross-site scripting error in earlier version of Firefox and Firebug
  • Because the path may contain sensitive information, the referer is sometimes not sent by browsers attempting to protect user privacy.
  • Transcript

    • 1. San Francisco Java User Group Meeting<br />May 11, 2010<br />HTML5 WebSocket& Communication <br />By Peter Lubbers,<br />Kaazing<br />
    • 2. About Peter Lubbers<br /><ul><li>Director of Documentation and Training, Kaazing Yes, we’re hiring!</li></ul>Co-Founder San Francisco HTML5 User Grouphttp://www.sfhtml5.org/<br /><ul><li>Ultra Distance Runner</li></ul>Twitter: @peterlubbers<br />Co-author Pro HTML5 Programming<br />Alpha Release: www.prohtml5.com<br />Special 50% Off Coupon Code:APRESSPROHTML5WR (expires May 31st)<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 3. New HTML5 User Groups!<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br /><ul><li>San Franciscohttp://www.sfhtml5.org/First meetup: 28 May
    • 4. New Yorkhttp://www.meetup.com/NY-HTML5-User-Group/First meetup: 16 June
    • 5. Londonhttp://www.meetup.com/LondonHTML5UG/First meetup: 19 May</li></li></ul><li>Agenda<br />HTML5 WebSocket<br />Tin-can communication<br />Meet HTML5 WebSocket<br />HTML5 WebSocket in the enterprise<br />Scaling through simplicity<br />HTML5 Communication<br />Server-Sent Events<br />XMLHttpRequest Level 2<br />Cross Document Messaging<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 6. HTML5 WebSocket<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 7. Today’s Requirements<br /><ul><li>Today’s Web applications demand reliable, real-time communications with near-zero latency
    • 8. Not just broadcast, but bi-directional communication
    • 9. Examples:
    • 10. Financial applications
    • 11. Social networking applications
    • 12. Online games
    • 13. Smart power grid</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 14. The Perils of Polling<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />No-Fly list notupdated…<br />
    • 15. HTTP Is Not Full Duplex<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 16. About HTTP<br />HTTP was originally designed for document transfer<br />Until now, it has been cumbersome to achieve real-time, bi-directional web communication due to the limitations of HTTP<br /><ul><li>HTTP is half-duplex (traffic flows in only one direction at a time)
    • 17. Header information is sent with each HTTP request and response, which can be an unnecessary overhead</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 18. About Ajax and Comet<br /><ul><li>Great toilet cleaners…
    • 19. Ajax (Asynchronous JavaScript and XML) can be used to build interactive Web apps</li></ul>Content can change without refreshing the entire page<br />User-perceived low latency<br /><ul><li>“Real-time” often achieved through polling and long-polling (Comet or Reverse Ajax)</li></ul>Comet lack of a standard implementation<br />Comet adds lots of complexity<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 20. Half-Duplex Architecture<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 21. Polling Architecture<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 22. Polling<br /><ul><li>Polling is “nearly real-time”
    • 23. Used in Ajax applications to simulate real-time communication
    • 24. Browser sends HTTP requests at regular intervals and immediately receives a response</li></ul>In low-message-rate situations, many connections are opened and closed needlessly<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 25. Long Polling Architecture<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 26. Long Polling<br /><ul><li>Also known as asynchronous-polling
    • 27. Browser sends a request to the server and the server keeps the request open for a set period
    • 28. HTTP headers, present in both long-polling and polling often account for most of the network traffic</li></ul>In high-message rate situations, long-polling results in a continuous loop of immediate polls<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 29. Streaming Architecture<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 30. Streaming<br /><ul><li>More efficient, but sometimes problematic
    • 31. Possible complications:</li></ul>Proxies and firewalls<br />Response builds up and must be flushed periodically<br />Cross-domain issues to do with browser connection limits<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 32. Comet Demo<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 33. HTTP Request Headers<br />POST /gwt/EventService HTTP/1.1<br />Host: gpokr.com<br />Connection: keep-alive<br />User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5<br />Referer: http://gpokr.com/gwt/7F5E66657B938E2FDE9CD39095A0E9E6.cache.html<br />Content-Length: 134<br />Origin: http://gpokr.com<br />Content-Type: text/plain; charset=utf-8<br />Accept: */*<br />Accept-Encoding: gzip,deflate,sdch<br />Accept-Language: en-US,en;q=0.8<br />Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3<br />Cookie: __utmz=247824721.1273102477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=E7AAE0E60B01FB88D1E3799FAD5C62B3; __utma=247824721.1247485893.1273102477.1273104838.1273107686.3; __utmc=247824721; __utmb=247824721.4.10.127<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 34. HTTP Response Headers<br />200 OK<br />Server: Apache-Coyote/1.1<br />Expires: Thu, 06 May 2010 01:06:51 GMT<br />Content-Type: text/plain;charset=UTF-8<br />Content-Length: 303<br />Date: Thu, 06 May 2010 01:06:50 GMT<br /><ul><li>Total (unnecessary) HTTP request and response header information overhead: 871 bytes (example)
    • 35. Overhead can be as much as 2000 bytes</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 36. HTTP Header Traffic Analysis<br /><ul><li>Example network throughput for HTTP request and response headers associated with polling
    • 37. Use case A: 1,000 clients polling every second:
    • 38. Network throughput is (871 x 1,000) = 871,000 bytes = 6,968,000 bits per second (~6.6 Mbps)
    • 39. Use case B: 10,000 clients polling every second:
    • 40. Network throughput is (871 x 10,000) = 8,710,000 bytes = 69,680,000 bits per second (~66 Mbps)
    • 41. Use case C: 100,000 clients polling every second:
    • 42. Network throughput is (871 x 100,000) = 87,100,000 bytes = 696,800,000 bits per second (~665 Mbps)</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 43. Comet: Headache 2.0<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 44. Complexity does not scale<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 45. Vote NO on Tin Cans and String for Communication!<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 46. Enter HTML5 WebSocket!<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 47. HTML5 WebSocket<br /><ul><li>W3C API and IETF Protocol
    • 48. Full-duplex text-based socket
    • 49. Enables web pages to communicate with a remote host
    • 50. Traverses firewalls, proxies, and routers seamlessly
    • 51. Leverages Cross-Origin Resource Sharing (CORS)
    • 52. Share port with existing HTTP content (80/443)</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 53. Pop Quiz<br />What does WebSocket have in common with model trains?<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 54. Possible WebSocket Architecture<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 55. HTML5 WebSocket Schemes<br /><ul><li>WebSocket</li></ul>ws://www.websocket.org/text<br /><ul><li>WebSocket Secure</li></ul>wss://www.websocket.org/encrypted-text<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 56. HTML5 WebSocket<br /><ul><li>Connection established by upgrading from the HTTP protocol to the WebSocket protocol using the same TCP connection
    • 57. Once upgraded, WebSocket data frames can be sent back and forth between the client and the server in full-duplex mode</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 58. HTML5 WebSocket Handshake<br />Client<br />GET /text HTTP/1.1Upgrade: WebSocketConnection: UpgradeHost: www.example.com<br />Origin: http://example.com<br />WebSocket-Protocol: sample… <br />Server<br />HTTP/1.1 101 WebSocket Protocol HandshakeUpgrade: WebSocketConnection: Upgrade<br />WebSocket-Origin: http://example.com<br />WebSocket-Location: ws://example.com/demo<br />WebSocket-Protocol: sample… <br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 59. HTML5 WebSocket Frames<br /><ul><li>Frames can be sent full-duplex, in either direction at any the same time
    • 60. Each frame of data:</li></ul>Starts with a 0x00 byte and End with a 0xFF byte<br />Contains UTF-8 data in between<br /><ul><li>Example:</li></ul>x00Hello, WebSocketxff<br />There is no defined maximum size<br />If the user agent has content that is too large to be handled, it must fail the Web Socket connection<br />JavaScript does not allow >4GB of data, so that is a practical maximum<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 61. Using the WebSocket API<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 62. Checking For Browser Support<br />JavaScript<br />//Checking for browser support<br />if (window.WebSocket) {<br /> document.getElementById("support").innerHTML = "HTML5 WebSocket is supported";<br /> } else {<br /> document.getElementById("support").innerHTML = "HTML5 WebSocket is not supported";<br /> }<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 63. Using the WebSocket API<br />JavaScript<br />//Create new WebSocket<br />var mySocket = new WebSocket(“ws://www.websocket.org”);<br />// Associate listeners<br />mySocket.onopen = function(evt) {<br /> alert(“Connection open…”);<br />};<br />mySocket.onmessage = function(evt) {<br /> alert(“Received message: “ + evt.data);<br />};<br />mySocket.onclose = function(evt) {<br /> alert(“Connection closed…”);<br />};<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 64. Using the WebSocket API<br />JavaScript<br />// Sending data<br />mySocket.send(“HTML5 WebSocket Rocks!”);<br />//Close WebSocket<br />mySocket.close();<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 65. Browser Support for WebSocket<br />Chrome 4.0+<br />WebKit Nightly builds<br />Support planned for Firefox:“We really really want to support WebSockets in the next version of Firefox.” –Christopher Blizzard, Mozilla<br />Dev channel<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 66. Example: NativeWebSocket in Chrome<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 67. WebSocket Emulation<br /><ul><li>Kaazing WebSocket Gateway
    • 68. http://www.kaazing.com/download
    • 69. Makes WebSocket work in all browsers today (including I.E. 6)
    • 70. Flash WebSocket implementation
    • 71. http://github.com/gimite/web-socket-js
    • 72. Requires opening port on the server’s firewall </li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 73. Beyond WebSocket<br /><ul><li>Once you have WebSocket, you can communicate with WebSocket Servers and back-end servers and directly with message brokers
    • 74. You can extend client-server protocols to the web:
    • 75. XMPP, Jabber
    • 76. Pub/Sub (Stomp/AMQP)
    • 77. Gaming protocols
    • 78. Any TCP-based protocol
    • 79. Browser becomes a first-class network communication citizen</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 80. Financial Applications<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 81. Example: WebSocket-Based Quake II GamePort<br />http://code.google.com/p/quake2-gwt-port<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 82. Twitter Feed<br />http://kaazing.me<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 83. WebSocket in the Enterprise <br />
    • 84. WebSocket and Web Intermediaries<br />Web Socket protocol itself is unaware of proxy servers and firewalls<br />WebSocket features an HTTP-compatible handshake so that HTTP servers can share their default HTTP and HTTPS ports (80 and 443) with a WebSocket server<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 85. Securing WebSocket Traffic<br />WebSocket defines the ws:// and wss:// schemes<br />WSS is WS over TLS (Transport Layer Security), formerly known as SSL (Secure Socket Layer) support (Similar to HTTPS)<br />An HTTPS connection is established after a successful TLS handshake (using public and private key certificates)<br />HTTPS is not a separate protocol, but it is HTTP running on top of a TLS connection (default ports is 443) <br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 86. Proxy Servers<br />A proxy server is a server that acts as an intermediary between a client and another server (for example, a web server on the Internet)<br />Commonly used for content caching, Internet connectivity, security, and enterprise content filtering<br />May also buffer unencrypted HTTP responses, thereby introducing unpredictable latency during HTTP response streaming<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 87. Types of Proxy Servers<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 88. WebSocket Proxy Traversal<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />http://www.infoq.com/articles/Web-Sockets-Proxy-Servers<br />
    • 89. Load Balancing Routers<br />TCP(layer-4) load-balancing routers should work well with HTML5 Web Sockets, because they have the same connection profile: connect once up front and stay connected, rather than the HTTP document transfer request-response profile<br />HTTP (Layer 7) load-balancing routers expect HTTP traffic and can easily get confused by WebSocket upgrade traffic. For that reason, Layer 7 load balancing routers may need to be configured to be explicitly aware of WebSocket traffic<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 90. Firewalls<br />Since firewalls normally just enforce the rules for inbound traffic rejection and outbound traffic routing (for example, through the proxy server), there are usually no specific WebSocket traffic-related firewall concerns<br />For regular socket connections (for example, for a desktop client) you must open a port on the firewall<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 91. WebSocket Traffic Analysis  <br />
    • 92. WebSocket Demo<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 93. Dramatic Reduction in Network Traffic<br /><ul><li>With WebSocket, each frame has only 2 bytes of packaging (a 500:1 or even 1000:1 reduction)
    • 94. No latency involved in establishing new TCP connections for each HTTP message
    • 95. Dramatic reduction in unnecessary network traffic and latency
    • 96. Remember the Polling HTTP header traffic? 665 Mbps network throughput for just headers</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 97. WebSocket Framing Analysis<br /><ul><li>Example network throughput overhead associated with WebSocket framing
    • 98. Use case A: 1,000 clients receive 1 message per second: Network throughput is (2 x 1,000) = 2,000 bytes = 16,000 bits per second (~0.015 Mbps)
    • 99. Use case B: 10,000 clients receive 1 message per second: Network throughput is (2 x 10,000) = 20,000 bytes = 160,000 bits per second (~0.153 Mbps)
    • 100. Use case C: 100,000 clients receive 1 message per second: Network throughput is (2 x 100,000) = 200,000 bytes = 1,600,000 bits per second (~1.526 Mbps)</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 101. Polling vs. WebSocket<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 102. Latency Reduction<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 103. Overheard…<br /> “Reducing kilobytes of data to 2 bytes…and reducing latency from 150ms to 50ms is far more than marginal. In fact, these two factors alone are enough to make WebSocket seriously interesting to Google.”<br />—Ian Hickson (Google, HTML5 spec lead)<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 104. HTML5 Communication<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 105. HTML5 Communication<br />HTML5 defines a few more handy communication features:<br />Cross Document Messaging<br />XMLHttpRequest Level 2<br />Server-Sent Events<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 106. Cross Document Messaging<br />Enables secure cross-origin communication across iframes, tabs, and windows (using origin security)<br />Defines the PostMessage API as a standard way to send messages<br />Provides asynchronous message passing between JavaScript contexts<br />HTML5 clarifies and refines domain security by introducing the concept of an origin<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 107. Same-OriginPolicy<br />The browsers’ same-origin policies prevent a script (or document) loaded from one origin from communicating with a document loaded from another origin<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 108. Origin Concept<br />An origin is a subset of an address used for modeling trust relationships on the Web<br />Origins are made up of a scheme, a host, and a port—different origin:<br />https://www.example.com <br />http://www.example.com<br />The path is not considered in the origin value—same origin:<br />http://www.example.com/index.html<br />http://www.example.com/page2.html<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 109. Cross Document Messaging<br />When you send a message, the sender specifies the receiver’s origin<br />When you receive a message, the sender’s origin is included as part of the message (The message’s origin is provided by the browser and cannot be spoofed)<br />This allows you to decide which messages to process and which to ignore<br />You can keep a white list and process only messages from documents with trusted origins<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 110. PostMessage Architecture<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 111. PostMessage API<br />The PostMessage API can be used for communicating between documents with the same origin <br />PostMessage provides asynchronous message passing between JavaScript contexts. <br />Useful when communication might otherwise be disallowed by the same-domain policy<br />Also provides a consistent, easy-to-use API<br />Also used in other HTML5 APIs for communication between JavaScript contexts, for example in HTML5 Web Workers<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 112. Using the PostMessage API<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 113. Using the PostMessage API<br />JavaScript<br />//Sending a message:<br />myFrame.contentWindow.postMessage('Hello, world', 'http://www.example.com/');<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 114. Using the PostMessage API<br />JavaScript<br />//Listening for messages:<br />window.addEventListener(“message”, messageHandler, true);<br />function messageHandler(e) {<br /> switch(e.origin) {<br /> case “friend.example.com”:<br /> // process message<br />processMessage(e.data);<br /> break;<br /> default:<br /> // message origin not recognized<br /> // ignoring message<br /> }<br />}<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 115. Browser Support for Cross Document Messaging<br />Chrome 2.0+<br />Firefox 3.5+<br />IE 8.0+<br />Opera 9.6+<br />Safari 4.0+<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 116. XMLHttpRequest Level 2<br />XMLHttpRequest Level 2<br />XMLHttpRequest is the API that made Ajax possible<br />XMLHttpRequest Level 2 significantly enhances XMLHttpRequest <br />Progress events<br />Cross-origin XMLHttpRequest<br />XMLHttpRequest Level 2 allows for cross-origin XMLHttpRequests using Cross Origin Resource Sharing (CORS)<br />http://www.w3.org/TR/access-control/<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 117. Cross-origin HTTP requests<br />Cross-origin HTTP requests have an Origin header that provides the server with the request’s origin<br />This header is protected by the browser and cannot be changed from application code<br />In essence, a network equivalent of the origin property found on message events used in Cross Document Messaging.<br />The origin header differs from the older referer [sic] header in that the referer is a complete URL including the path<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 118. Origin and Referer (Request)<br />JavaScript<br />POST /main HTTP/1.1<br />Host: www.example.net<br />User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090910 Ubuntu/9.04 (jaunty) Shiretoko/3.5.3<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<br />Accept-Language: en-us,en;q=0.5<br />Accept-Encoding: gzip,deflate<br />Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br />Keep-Alive: 300<br />Connection: keep-alive<br />Referer: http://www.example.com/path<br />Origin: http://www.example.com<br />Pragma: no-cache<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 119. Origin and Referer (Response)<br />JavaScript<br />HTTP/1.1 201 Created<br />Transfer-Encoding: chunked<br />Server: Kaazing Gateway<br />Date: Mon, 02 Nov 2009 06:55:08 GMT<br />Content-Type: text/plain<br />Access-Control-Allow-Origin: http://www.example.com<br />Access-Control-Allow-Credentials: true<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 120. Progress Events<br />One of the most important API improvements in XMLHttpRequest have been the changes related to progressive responses<br />Before XHR Level 2:<br />There was only a single readystatechange event<br />Inconsistently implemented across browsers (for example, readyState 3  (progress) never fires in Internet Explorer)<br />Lacked a way to communicate upload progress. Implementing (for example, building an upload progress bar was not a trivial task)<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 121. Progress Events<br /><ul><li>XMLHttpRequest Level 2 supports named progress events:</li></ul>loadstart<br />progress<br />abort<br />error<br />load<br />loadend<br /><ul><li>readyState property and readystatechange events retained for backward compatibility</li></ul>Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 122. Using the XMLHttpRequest API<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 123. Progress Events<br /><ul><li>Progress events have fields for:</li></ul>The total amount of data to transfer<br />The amount that has already transferred<br />Whether the total is known (Boolean value)<br />JavaScript<br />crossOriginRequest.upload.onprogress = function(e) {<br /> var total = e.total;<br /> var loaded = e.loaded;<br /> if (e.lengthComputable) {<br /> // do something with the progress information<br /> }<br />}<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 124. Cross-Origin XMLHttpRequest<br /><ul><li>XMLHttpRequest Level 2 allows for cross-origin XMLHttpRequests using Cross Origin Resource Sharing (CORS)</li></ul>http://www.w3.org/TR/access-control/<br />JavaScript<br />//from http://www.example.com<br />var crossOriginRequest = new XMLHttpRequest();<br />crossOriginRequest.open("GET", "http://www.example.net/stockfeed", true);<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 125. Browser Support for XMLHttpRequest Level 2<br />Chrome 2.0+ <br />Firefox 3.5+<br />Safari 4.0+<br />Note: some server side participation may be required (CORS)<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 126. HTML5Server-Sent Events<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 127. Server-Sent Events<br />Server-Sent Events (SSE) standardizes and formalizes how a continuous stream of data can be sent from a server to a browser<br />Effectively standardizes Comet and Reverse Ajax<br />EventSource API for broadcasting data from server to client<br />SSE is compatible with almost any setup that uses HTTP today (WebSocket requires that intermediaries support full-duplex connections)<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 128. Server-Sent Events<br />Server-Sent features<br />Reconnection<br />Event IDs<br />Ability to send arbitrary events<br />Server-Sent Events can be used for automated data push mechanisms (for example, updating Web Storage)<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 129. SSE Architecture<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 130. Using the EventSource API<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 131. Using the EventSource API<br />JavaScript<br />//Connects to a server URL to receive an event stream:var stream = new EventSource("http://news.kaazing.com");<br />Set event handlers:<br />stream.onopen = function() { alert(“open”); } <br />stream.onmessage = function(event) { alert(“message: “ + event.data); }<br />stream.onerror = function() { alert(“error”); }<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 132. Example: News Broadcast<br />http://kaazing.me/<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 133. Browser Support for Server-Sent Events<br />Opera 9.0+ partial support<br />Development in Firefox Trunk<br />Dev channel<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 134. Q&A<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />
    • 135. SF JUG HTML5 Meeting Special!<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />HTML5ROCKS<br />10% Off Any HTML5 Training<br />With Coupon Code HTML5ROCKS<br />http://tech.kaazing.com/training/index.html<br />
    • 136. Copyright © 2010 Kaazing Corporation, All rights reserved.<br />All materials, including labs and other handouts are property of Kaazing Corporation. Except when expressly permitted by Kaazing Corporation, you may not copy, reproduce, publish, or display any part of this training material, in any form, or by any means.<br />Copyright © 2010 - Kaazing Corporation. All rights reserved.<br />

    ×