Contact emails
Spec
There is no spec for Shoutcast. In practice, Shoutcast just returns HTTP/1.x 200 response with "HTTP/1.x" replaced with "ICY".
Summary
We removed support for HTTP/0.9 on non-default HTTP ports in M55 to address a security issue. This has caused more problems than expected. 0.4% of our users encounter HTTP/0.9 subresource responses each week, which is larger than anticipated. Some of these may be due to server errors, but we believe most of these responses are from Shoutcast servers.
I propose we add it back to M56 for a revision and in M57 remove it again, but add an exception so that Shoutcast responses over non-default ports are still treated as HTTP/0.9 responses.
Motivation
I tried to remove HTTP/0.9 support in https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/OdKnpLlvVUo to address a security issue, but due to widespread use of HTTP/0.9, we backed off, and instead removed HTTP/0.9 support on default ports. It turns out that 0.4% of users run into such servers each week, which is much more than expected. We feel that we should do something to improve this, but don't want to bring back HTTP/0.9 support on non-standard ports indefinitely.
We believe the primary cause of this is Shoutcast servers. Shoutcast is a proprietary 18-year-old protocol for streaming media. The primary Shoutcast server in use is an unmaintained 13-year-old Windows binary that typically listens on HTTP ports other than port 80 and respond to HTTP requests with an HTTP-like response, starting with "ICY 200 OK". These responses were previously detected as HTTP/0.9, and media decoders are flexible enough to handle those responses, even with the extra stuff at the start. Newer Shoutcast servers from other vendors apparently have some issues that make users reluctant to upgrade. Shoutcast servers are typically run by individuals and then advertised on aggregation sites, so there aren't just a couple sites to convince to upgrade.
I propose Chrome be modified to only allow HTTP/0.9 responses over ports other than 80 when the response starts with "ICY".
Interoperability and Compatibility Risk
The main problem is this makes Shoutcast a de facto web standard, and we'd basically never be able to remove support for it. This is quite unfortunate and I'd rather not do it, but unless we work in concert with other browser vendors to get rid of HTTP/0.9 support, at least on ports other than 80, I think this is the best option for our users, given its widespread use.
Other browsers:
FireFox already has explicit handling of Shoutcast responses (And treats them as HTTP/1.x responses, parsing headers as HTTP headers, which is not what I'm proposing we do). See https://bugzilla.mozilla.org/show_bug.cgi?id=869725
Edge: No explicit Shoutcast support, but it does still support HTTP/0.9 on ports other than 80.
Safari removed support for HTTP/0.9 over non-standard ports and is not, to the extent of my knowledge, going back on that.
Ongoing technical constraints
HTTP/0.9 support doesn't require much code, and I don't think we'll be able to remove it in the foreseeable future, so the amount of code for this is negligible.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes
OWP launch tracking bug
The current bug is https://crbug.com/669800 (Which is more of a "You broke shoutcast" bug. Does this warrant another bug?)
Link to entry on the feature dashboard
https://www.chromestatus.com/feature/5703452101443584
Requesting approval to ship?
Yes
lgtm1
lgtm1
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+unsubscribe@chromium.org.
To post to this group, send email to net...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CAOMQ%2Bw907-HfrFzjYYpvXHKgcGkdF9Gr73MAKFWS7RCWpsReGQ%40mail.gmail.com.