Mercurial > prosody-modules

view mod_muc_eventsource/README.markdown @ 5682:527c747711f3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parents 7c16afc70d11
children 694b62d8a82f
line wrap: on
line source

---
labels: 'Stage-Beta'
summary: Subscribe to MUC rooms using the HTML5 EventSource API
...

Introduction
------------

This module and its docs shamelessly forked from mod_pubsub_eventsource.

[Server-Sent Events](https://en.wikipedia.org/wiki/Server-sent_events)
is a simple HTTP/line-based protocol supported in HTML5, making it easy
to receive a stream of "events" in realtime using the Javascript
[EventSource
API](https://developer.mozilla.org/en-US/docs/Web/API/EventSource).

EventSource is supported in [most modern
browsers](http://caniuse.com/#feat=eventsource), and for the remainder
there are 'polyfill' compatibility layers such as
[EventSource.js](https://github.com/remy/polyfills/blob/master/EventSource.js)
and [jquery.eventsource](https://github.com/rwldrn/jquery.eventsource).

Details
-------

Subscribing to a node from Javascript is easy:

    var source = new EventSource('http://muc.example.org:5280/eventsource/myroom');
    source.onmessage = function (event) {
      console.log(event.data); // Do whatever you want with the data here
    };

### Access control

Be warned that this module currently performs no access control. It will expose
the messages of ALL rooms on the host it is loaded on. This may be changed in
future revisions.

### Cross-domain issues

The same cross-domain restrictions apply to EventSource that apply to
BOSH, and support for CORS is not clearly standardized yet. You may want
to proxy connections through your web server for this reason. See [BOSH:
Cross-domain
issues](https://prosody.im/doc/setting_up_bosh#proxying_requests) for
more information.

Configuration
-------------

There is no special configuration for this module. Simply load it onto a
MUC component like so:

    Component "muc.example.org" "muc"
      modules_enabled = { "muc_eventsource" }

As it uses HTTP to serve the event streams, you can use Prosody's
standard [HTTP configuration options](https://prosody.im/doc/http) to
control how/where the streams are served.

**Note about URLs:** It is important to get the event streams from the
correct hostname (that of the MUC host). An example stream URL is
`http://muc.example.org:5280/eventsource/myroom`. If you need to
access the streams using another hostname (e.g. `example.org`) you can
use the `http_host` option under the Component, e.g.
`http_host = "example.org"`. For more information see the ['Virtual
Hosts'](https://prosody.im/doc/http#virtual_hosts) section of our HTTP
documentation.

Compatibility
-------------

  ------- --------------
  0.10    ?
  0.9     ?
  0.8     Doesn't work
  Trunk   Works
  ------- --------------