@diegop it hasn’t been merged yet
Hey guys I think I know what is going on with this. Of course this is no-accident, which got me thinking. Query calls can’t change the state of the ic. Even certified query calls do not change the state of the ic. But update calls can. I think the reason they don’t want this feature is because people will start sending data in through the http requests without an agent (because it’s easier) and unless an agent is used, there is no way for the canister to verify the caller, and no way for the canister to verify the data. This will ‘break the determinism of the ic’, a phrase I have heard before, as people start changing the state of their canisters based on incoming http requests that are not verified and certified. This is the same thing that is holding them back from letting canisters make outgoing http calls.
One could say that a canister should be able to choose for itself if it wants to take in insecure data however if a canister is taking update calls that come in without an agent, then it is also giving back data that the caller is not verifying/certifying because there is no signature on the data by the ic, because the caller is not using an agent.
So it seems this is a good choice of the dfinity-team.
Comments/thoughts are welcome.
Not quite. This thread discusses a feature of the “HTTP Gateway” on the boundary node, which lives outside the actual system and instead translates HTTP requests to normal query calls, or potentially, update calls. This is also why this feature is not specified in the Interface Specification.
And because this component lives outside the (core) Internet Computer, it certainly can’t break it in the ways you describe.
Also note that I have been running such a gateway for almost a year now (as a proof of concept, to be able to run a Telegram bot on the IC), and it didn’t break determinism
What’s holding this back is mainly prioritization, I think, and that the interaction with the “streaming” feature is unclear and needs to be designed.
Do you mind sharing some insights/guides on how to do that @nomeata ?
To do what precisely? Running your own proxy with that feature? Or finishing the design and rigorous specification?
Running my own, I heard some people are doing it but I’ve got no idea how.
If you know AWS, maybe GitHub - nomeata/ic-http-lambda: A HTTP-to-IC bridge (proof of concept) suits you.
Or you could fork ic-proxy
with @paulyoung’s patches and play with that. You’d still have to do your own devops.
Thanks! I assume you meant icx-proxy
? Where would i find those patches? Seems like he didn’t fork it and there’s only one branch on the repo
feat: upgrade HTTP request calls from query to update upon canister's request by paulyoung · Pull Request #195 · dfinity/agent-rs · GitHub (created before the code was moved out)
I’ve broken things up into separate PRs. The original was closed because icx-proxy
was moved to its own repository.