28 July 2014

Server sent events in PHP

Server sent events are really pretty cool.  They let your application function a little bit more like an application and a little less than a click adventure in the web wonderland.  They are very simple to code and allow your backend code to notify your frontend of progress or other changes.
I could get into trouble for this class comment

At time of writing they are not supported by Internet Explorer ( see here ) but hopefully Microsoft will either stop making Internet Explorer or bring it up to speed with modern browsers.  Yeah I know that's not going to happen, but we can wish right?

You don't need to retain an open connection for every visitor to your site because browsers will reopen a closed connection after a few seconds.  The additional load for implementing SSE seems to be manageable according to people like this guy who have done tests.

My first project implementing them was for a database consistency tool that is intended to be run against the database in off-peak times to verify that things are as we expect them to be.  Basically I wanted a tool to check for dirty data, but more importantly to audit the financial transactions occurring on our site.  I wanted to play with SSE so implemented them as a notification service.  As the program runs through the various batches of tests it spits out information to the frontend about what it's busy with, if it found an error, and other interesting snippets.

There are bunches of tutorials available on them out there so I'm not going to paste code.

One thing that did concern me a bit is the possibility of forged messages.  It's pretty simple to check the origin of incoming messages against a whitelist of domains.  Here is an example from html5rocks.com that has a simple origin validation:

 source.addEventListener('message', function(e) {  
  if (e.origin != 'http://example.com') {  
   alert('Origin was not http://example.com');  
 }, false);  

Personally I think SSE should be in the toolkit of any web application developer.

No comments:

Post a comment

Note: only a member of this blog may post a comment.