Skip to content

Define opaque-response blocking (updated) #1755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Define opaque-response blocking (updated) #1755

wants to merge 5 commits into from

Conversation

@sefeng211
Copy link

@sefeng211 sefeng211 commented May 27, 2024
edited by pr-preview bot
Loading

This PR is based on what @annevk has proposed in #1442, with additional changes. It includes the validate a partial response and the Content-Range header parser algorithm, plus the additional changes that Firefox has made in its implementation.

#1442 had some discussions and references, and I wish I can keep them, but I don't have write access to annevk/orb, hence this PR. Please let me know if there's a better way to move this forward.

cc @zcorpan @annevk

TODO:

(See WHATWG Working Mode: Changes for more details.)

Preview | Diff

@zcorpan
Copy link
Member

zcorpan commented May 27, 2024
edited
Loading

From the build errors, it looks like mimesniff needs to export more terms, e.g. https://github.com/whatwg/mimesniff/blob/main/mimesniff.bs#L988

@sanason sanason mentioned this pull request Jun 3, 2024
Closed
1 task
sefeng211 added a commit to sefeng211/mimesniff that referenced this pull request Jun 11, 2024
@sefeng211
Export the image pattern and the media pattern algorithm
ade7608 
I'd like to reference them in whatwg/fetch#1755,
hence this patch to export those two algorithms.
@sefeng211 sefeng211 mentioned this pull request Jun 11, 2024
Merged
5 tasks
zcorpan pushed a commit to whatwg/mimesniff that referenced this pull request Jun 12, 2024
@sefeng211
Editorial: Export the image pattern and the media pattern algorithm
3624957 
Needed for whatwg/fetch#1755
annevk and others added 4 commits June 12, 2024 14:32
@annevk @sefeng211
Define opaque-response blocking
aa2980f 
This is good enough for early review, but there are a number of issues that still need resolving: https://github.com/annevk/orb/labels/mvp.

There are also some inline TODO comments.

A PR against HTML is needed to ensure it passes the appropriate metadata for media element and classic script requests. We might also want to depend on HTML for parsing JavaScript.
@sefeng211
Add the validate a partial response algorithm and the `extract cont…
cbe9f32 
…ent-range values` algorithm
@sefeng211
Update the ORB spec to align with Firefox's implementation
5818ed4
@sefeng211
Fix the warnings
0908c4b
zcorpan
zcorpan reviewed Jun 13, 2024
View reviewed changes
fetch.bs Outdated
set of bytes, and ultimately falls back to a full parse due to unfortunate (lack of) design
decisions in the early days of the web platform. As a result there are still quite a few responses
whose secrets can end up being revealed to attackers. Web developers are strongly encouraged to use
the `<code http-header>Cross-Origin-Resource-Policy</code>` response header to defend them.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The http-header attribute seems to cause a build error. Try dfn-type=http-header

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zcorpan zcorpan zcorpan left review comments

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sefeng211 @zcorpan @annevk