Spec change: https://github.com/whatwg/fetch/pull/560. Tests: https://github.com/web-platform-tests/wpt/pull/10348. Security issues to pay attention to: https://github.com/whatwg/fetch/issues/144#issuecomment-368040980 This spec change means that rage requests (such as those from media elements) are allowed to pass through a service worker as long as they aren't modified. This fixes a long standing issue where media elements behave oddly if intercepted by a service worker (as the range headers were lost). How media elements ingest partial responses remains unspecified for now. See the attacks in https://github.com/whatwg/fetch/issues/144#issuecomment-368040980 & their mitigations. Attack 4 is already covered in the tests.
Component: Untriaged → DOM: Service Workers
Product: Firefox → Core
You need to log in before you can comment on or make changes to this bug.