Open
Bug 1465074
Opened 7 years ago
Updated 4 days ago
Allow range requests to pass through a service worker
Categories
(Core :: DOM: Service Workers, defect, P2)
Core
DOM: Service Workers
Tracking
()
ASSIGNED
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | affected |
People
(Reporter: jakea, Assigned: edenchuang)
References
(Blocks 6 open bugs)
Details
(Keywords: dev-doc-needed, webcompat:platform-bug, Whiteboard: dom-lws-bugdash-triage)
User Story
user-impact-score:800
Attachments
(4 files)
Spec change: https://github.com/whatwg/fetch/pull/560.
Tests: https://github.com/web-platform-tests/wpt/pull/10348.
Security issues to pay attention to: https://github.com/whatwg/fetch/issues/144#issuecomment-368040980
This spec change means that rage requests (such as those from media elements) are allowed to pass through a service worker as long as they aren't modified. This fixes a long standing issue where media elements behave oddly if intercepted by a service worker (as the range headers were lost).
How media elements ingest partial responses remains unspecified for now. See the attacks in https://github.com/whatwg/fetch/issues/144#issuecomment-368040980 & their mitigations. Attack 4 is already covered in the tests.
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
Priority: -- → P2
|
|
||
Comment 2•7 years ago
|
||
Looks like we already blocked 206 responses in Cache API in bug 1264181.
Depends on: 1264181
|
||
Updated•7 years ago
|
Unfortunately Firefox is currently the only browser that is not supporting range requests in service workers. See here: https://wpt.fyi/results/fetch/range/sw.https.window.html?label=master&label=experimental&aligned
Recent versions of Safari and Chromium since Version 87 support this really well (https://web.dev/sw-range-requests/). It is really unfortunate that our web app can not support Firefox because of this issue...
|
|
||
Updated•4 years ago
|
See Also: → CVE-2022-31736
|
||
Updated•4 years ago
|
Depends on: CVE-2022-45403
|
||
Comment 4•4 years ago
|
||
The bug has a release status flag that shows some version of Firefox is affected, thus it will be considered confirmed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Updated•3 years ago
|
Severity: normal → S3
|
|
||
Updated•8 months ago
|
Keywords: webcompat:platform-bug
|
|
||
Updated•7 months ago
|
User Story: (updated)
|
||
Updated•7 months ago
|
See Also: → https://github.com/whatwg/fetch/issues/144
|
|
||
Updated•6 months ago
|
User Story: (updated)
|
||
Comment 6•4 months ago
|
||
Note changes discussed in https://github.com/whatwg/fetch/issues/1906 to "Block opaque 416 responses to range requests" in addition to 206 responses, for when we fix this.
|
|
||
Updated•2 months ago
|
User Story: (updated)
|
Assignee | |
Comment 7•1 month ago
|
||
|
|
Assignee | |
Comment 8•1 month ago
|
||
|
|
Assignee | |
Comment 9•1 month ago
|
||
|
||
Updated•1 month ago
|
Assignee: nobody → echuang
Attachment #9554204 -
Attachment description: WIP: Bug 1465074 - Only remove PrivilegedNoCorsRequestHeaders if RequestInit is not empty in Request::Constructor. → Bug 1465074 - Only remove privileged nocors request headers if RequestInit memebers presented in Request::Constructor. r=#dom-worker-reviewers
Status: NEW → ASSIGNED
|
|
||
Updated•1 month ago
|
Attachment #9554207 -
Attachment description: WIP: Bug 1465074 - Return NetworkError while get a ranged response but not a ranged request. → Bug 1465074 - Return NetworkError while get a ranged response but not requested by a ranged request. r=#dom-worker-reviewers
|
|
||
Updated•1 month ago
|
Attachment #9554210 -
Attachment description: WIP: Bug 1465074 - Update range request related web-platform test expectation. → Bug 1465074 - Let ServiceWorker intercepts range requests. r=#dom-worker-reviewers
|
|
Assignee | |
Comment 10•1 month ago
|
||
|
||
Updated•1 month ago
|
Keywords: dev-doc-needed
|
|
||
Updated•4 days ago
|
User Story: (updated)
You need to log in
before you can comment on or make changes to this bug.
Description
•