Allow range requests to pass through a service worker

UNCONFIRMED
Unassigned

Status

()

defect
P2
normal
UNCONFIRMED
11 months ago
3 months ago

People

(Reporter: jaffathecake, Unassigned)

Tracking

(Blocks 2 bugs)

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox62 affected)

Details

(Reporter)

Description

11 months ago
Spec change: https://github.com/whatwg/fetch/pull/560.
Tests: https://github.com/web-platform-tests/wpt/pull/10348.
Security issues to pay attention to: https://github.com/whatwg/fetch/issues/144#issuecomment-368040980

This spec change means that rage requests (such as those from media elements) are allowed to pass through a service worker as long as they aren't modified. This fixes a long standing issue where media elements behave oddly if intercepted by a service worker (as the range headers were lost).

How media elements ingest partial responses remains unspecified for now. See the attacks in https://github.com/whatwg/fetch/issues/144#issuecomment-368040980 & their mitigations. Attack 4 is already covered in the tests.
Component: Untriaged → DOM: Service Workers
Product: Firefox → Core
Duplicate of this bug: 1404041

Updated

11 months ago
Priority: -- → P2
Looks like we already blocked 206 responses in Cache API in bug 1264181.
Depends on: 1264181

Updated

9 months ago
Blocks: 1477391
See Also: 1477391
You need to log in before you can comment on or make changes to this bug.