- http2 is now exposed by default without the need for a flag
- a new environment varible NODE_NO_HTTP2 has been added to allow userland http2 to be required
- support has been added for generic Duplex streams
* module:
- resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle
* zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector.
That would typically be implemented by a proxy or service like Cloudflare. The server itself should not do this based on header contents - instead the application should use the push protocol directly: https://nodejs.org/api/http2.html#http2_http2stream_pushstre...
It wouldn't be appropriate for the http2 core module to do this implicitly, but I wouldn't be surprised if higher level server abstractions, such as Express, did implement such a feature (though imo it'd still be better to not use the Link header).
It's also likely to work a lot better for a caching proxy to perform this action rather than the source server - since it can cache the contents of the resources being pushed.
Do you mean Server-Sent Events? That's a well-supported and efficient model that'll work fine, although the payload will always be heavier than websockets since all the headers have to be sent, even if compressed within the HTTP/2 stream. It's also not supported on IE or Edge.
If you actually mean server-push then that would basically be long-polling and not very efficient, also it's meant to send along assets that the server already knows will be needed for a request (like CSS with the HTML). There's not much client-side API to actually deal with server-push because it's just like another network http request/response.
I can't speak for exact performance comparisons but server-push isn't designed for events like SSE or websockets. It's designed for the client to make a request and the server to efficiently responded with multiple payloads to populate a client cache.
I'm pretty sure that's not how server push works. Client requests A, then server pushes B and C with A. Server just cannot push something to God knows where.
It would be great to hear from an insider, but it seems to me like they are having a little difficulty establishing organization around roles/permissions. Also the GitHub repo hasn't seen any commits in a month.
[+] [-] nikolay|8 years ago|reply
* crypto:
- expose ECDH class
* http2:
- http2 is now exposed by default without the need for a flag
- a new environment varible NODE_NO_HTTP2 has been added to allow userland http2 to be required
- support has been added for generic Duplex streams
* module:
- resolve and instantiate loader pipeline hooks have been added to the ESM lifecycle
* zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialized with windowBits set to 8. On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. Node.js will now gracefully set windowBits to 9 replicating the legacy behavior to avoid a DOS vector.
[+] [-] chrisseaton|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] j_s|8 years ago|reply
https://github.com/Microsoft/napajs/wiki/Why-Napa.js a bit edited:
1) quick iteration
2) multiple cores
3) share memory with structures
4) fine granularity parallelism, minimizing communication cost
Discussion: https://news.ycombinator.com/item?id=15498219 (Oct 2017, 201 comments)
[+] [-] partycoder|8 years ago|reply
To test if your version is affected:
[+] [-] hanley|8 years ago|reply
[+] [-] SimeVidas|8 years ago|reply
[+] [-] BillinghamJ|8 years ago|reply
It wouldn't be appropriate for the http2 core module to do this implicitly, but I wouldn't be surprised if higher level server abstractions, such as Express, did implement such a feature (though imo it'd still be better to not use the Link header).
It's also likely to work a lot better for a caching proxy to perform this action rather than the source server - since it can cache the contents of the resources being pushed.
[+] [-] knocte|8 years ago|reply
[+] [-] manigandham|8 years ago|reply
If you actually mean server-push then that would basically be long-polling and not very efficient, also it's meant to send along assets that the server already knows will be needed for a request (like CSS with the HTML). There's not much client-side API to actually deal with server-push because it's just like another network http request/response.
[+] [-] meritt|8 years ago|reply
[+] [-] pwdisswordfish|8 years ago|reply
[+] [-] akmittal|8 years ago|reply
I'm ignoring the fact that SSE are not replacement for WebSocket because with SSE we can't send data from client to server.
[+] [-] nikcub|8 years ago|reply
There is no good internal password storage, and bitcoin operations require bringing in most libs
[+] [-] _urga|8 years ago|reply
[+] [-] raresp|8 years ago|reply
[+] [-] darkhorn|8 years ago|reply
[+] [-] sanxiyn|8 years ago|reply
[+] [-] freedomben|8 years ago|reply
[+] [-] monsieurbanana|8 years ago|reply
[+] [-] contras1970|8 years ago|reply
[+] [-] GenericsMotors|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] hasenj|8 years ago|reply