Open
Bug 1465074
Opened 7 years ago
Updated 21 days ago
Allow range requests to pass through a service worker
Categories
(Core :: DOM: Service Workers, defect, P2)
Core
DOM: Service Workers
Tracking
()
NEW
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | affected |
People
(Reporter: jakea, Unassigned)
References
(Blocks 3 open bugs)
Details
(Keywords: webcompat:platform-bug, Whiteboard: dom-lws-bugdash-triage)
User Story
user-impact-score:1600
Spec change: https://github.com/whatwg/fetch/pull/560.
Tests: https://github.com/web-platform-tests/wpt/pull/10348.
Security issues to pay attention to: https://github.com/whatwg/fetch/issues/144#issuecomment-368040980
This spec change means that rage requests (such as those from media elements) are allowed to pass through a service worker as long as they aren't modified. This fixes a long standing issue where media elements behave oddly if intercepted by a service worker (as the range headers were lost).
How media elements ingest partial responses remains unspecified for now. See the attacks in https://github.com/whatwg/fetch/issues/144#issuecomment-368040980 & their mitigations. Attack 4 is already covered in the tests.
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
Priority: -- → P2
|
|
||
Comment 2•7 years ago
|
||
Looks like we already blocked 206 responses in Cache API in bug 1264181.
Depends on: 1264181
|
||
Updated•7 years ago
|
Unfortunately Firefox is currently the only browser that is not supporting range requests in service workers. See here: https://wpt.fyi/results/fetch/range/sw.https.window.html?label=master&label=experimental&aligned
Recent versions of Safari and Chromium since Version 87 support this really well (https://web.dev/sw-range-requests/). It is really unfortunate that our web app can not support Firefox because of this issue...
|
|
||
Updated•4 years ago
|
See Also: → CVE-2022-31736
|
||
Updated•3 years ago
|
Depends on: CVE-2022-45403
|
||
Comment 4•3 years ago
|
||
The bug has a release status flag that shows some version of Firefox is affected, thus it will be considered confirmed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Updated•3 years ago
|
Severity: normal → S3
|
|
||
Updated•1 month ago
|
Keywords: webcompat:platform-bug
|
|
||
Updated•1 month ago
|
User Story: (updated)
|
||
Updated•21 days ago
|
See Also: → https://github.com/whatwg/fetch/issues/144
You need to log in
before you can comment on or make changes to this bug.
Description
•