Originally asked here. Posting it here now, as there has been no response so far.
Will it ever come to be that we can use grpc from browser without a proxy?
I'm assuming that you mean will it be possible to use gRPC (as opposed to gRPC-Web) directly from the browser. The article you referenced pretty much answers this:
It is currently impossible to implement the HTTP/2 gRPC spec3 in the browser, as there is simply no browser API with enough fine-grained control over the requests. For example: there is no way to force the use of HTTP/2, and even if there was, raw HTTP/2 frames are inaccessible in browsers.
So if future browsers do provide the required control over requests then it may be possible to implement gRPC in the browser. I suspect that this will not happen in the near future but that is a guess!.
If your question was actually "will it be possible to use gRPC-Web without a stand alone proxy such as Envoy" then there is an experimental Java solution (but no timeline for an official release) and this is possible in other languages (I use this go library).
Can we do mutual TLS when using grpc-web via a proxy as mentioned in "The state of gRPC in the browser" and "mutual TLS"?
Technically this may be possible but seems to be of limited use because your users would need to manually import the client certificates or, possibly, use a smart card. I'm not aware of any current, well supported, APIs allowing JavaScript running in a browser to control client side TLS certificates (the browser will select the appropriate certificate, if any, itself). It is possible that this situation will change but browsers offer other mechanisms for client side authentication (primarily cookies).
