Add a "How-To" example for performing HTTP requests #3509
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jvff
added a commit
that referenced
this pull request
Mar 9, 2025
## Motivation For security reasons, we would like to initially limit the hosts that applications can send HTTP requests to. ## Proposal Add an allow-list of hosts to the `ResourceControlPolicy` configured by a committee. Only perform HTTP requests in the execution state actor if the target host is in the list. ## Test Plan Tests that exercise the allow list were added in PR #3509. ## Release Plan - Nothing to do / These changes follow the usual release cycle, because this is a new feature that should be included in the next release and testnet. ## Links - [reviewer checklist](https://github.com/linera-io/linera-protocol/blob/main/CONTRIBUTING.md#reviewer-checklist)
For now it's an empty application with service support for GraphQL.
Allow the URL to use for the HTTP requests to be specified when the application is created.
Allow the client to run the service in order to perform an HTTP request. The status code is checked to be OK, the response headers discarded and the response body returned to the caller.
jvff
force-pushed
the
how-to-perform-http-requests-example
branch
from
2d7b1b5 to
f6778af
Compare
Ensure that it returns the expected response.
Randomness is not supported inside pure Wasm targets.
Ensure that the service returns an error if the HTTP response is not OK.
jvff
force-pushed
the
how-to-perform-http-requests-example
branch
from
f6778af to
971dcb8
Compare
Use an ephemeral local HTTP server to test if the service can reach it.
Ensure that the service receives an error if it attempts to send an HTTP request to a host that's not in the allow list.
Show the pattern where the contract verifies if an HTTP response provided by an operation is valid.
The contract should successfully execute an operation with a valid off-chain HTTP response.
Ensure that the contract panics if the off-chain HTTP response can't be trusted.
The received response is sent to the contract to validate.
Ensure that the service schedules the operation with a received HTTP response.
Ensure that it forwards the received HTTP response to the contract to verify.
Ensure that if the service reaches an untrusted HTTP server, the contract rejects the HTTP response.
Demonstrate how an HTTP request is made in the contract.
Add a unit test showing how to mock the response.
Ensure that the response is being verified.
Allow the service to request the contract to perform an HTTP request.
Ensure that the mutation schedules the operation for the contract.
And that it is accepted if the response is valid.
It should reject a response that it does not trust.
Request the service to perform an HTTP request for the contract, returning only the relevant deterministic output.
Demonstrate how to mock the expected service query.
A reminder that the oracle's HTTP response also needs to be verified.
Provide a mutation to create an operation that uses the service as an oracle.
Ensure that it produces the operation for the contract to use the service as an oracle.
Ensure that the service performs an HTTP request when it is called as an oracle.
A reminder that the oracle's HTTP response also needs to be verified.
Describe the different ways HTTP requests can be made, and compare their usages.
jvff
force-pushed
the
how-to-perform-http-requests-example
branch
from
971dcb8 to
ce3adba
Compare
jvff
requested review from
MathieuDutSik,
ma2bd,
afck,
deuszx and
Twey
and removed request for
MathieuDutSik
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
Performing HTTP requests from applications is an important feature for Linera. There are a few different ways for applications to perform them, and there are tradeoffs between these ways. Therefore, this feature should be documented and a "How-To" example demonstrating how to use and test the feature would be useful.
Proposal
Add an example that performs HTTP requests in all different ways, and test them.
Test Plan
Unit and integration tests were added to test not just the application, but also to serve as testing examples and to also test the HTTP allow-list.
Release Plan
Links