Create a separate spec for web-specific features

Will add cross-reference between this spec and the transport spec once the repo becomes public. And will remove all web-specific elements from the transport spec.
2018-02-28 17:15:32 -08:00 · 2018-02-28 17:15:32 -08:00 · 507daf6f4b
parent 1f63cacbb4
commit 507daf6f4b
1 changed files with 22 additions and 0 deletions
--- a/PROTOCOL-WEB.md
+++ b/PROTOCOL-WEB.md
@ -0,0 +1,22 @@
+# gRPC-Web for browser (HTML) clients
+
+Due to browser limitation, gRPC-Web supports a different transport
+than the [HTTP/2 based gRPC protocol](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md).
+The difference between the gRPC-Web
+protocol and the HTTP/2 based gRPC protocol is specified in the [gRPC repo](https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-WEB.md). 
+
+In addition to the wire-transport spec, gRPC-Web also supports features that are unique to browser (HTML) clients.
+This document is the official spec for those features. As the Web platform evolves,
+we expect some of those features will evolve too or become deprecated.
+
+# CORS support
+
+* Should follow the [CORS spec](https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control)
+  * Access-Control-Allow-Credentials to allow Authorization headers
+  * Access-Control-Allow-Methods to allow POST and (preflight) OPTIONS only
+  * Access-Control-Allow-Headers to whatever the preflight request carries
+* The client library may support header overwrites to avoid preflight
+  * https://github.com/whatwg/fetch/issues/210
+* CSP support to be specified
+
+# More to be added