Open Bug 1465074 Opened 2 years ago Updated 2 years ago

Allow range requests to pass through a service worker

Categories

(Core :: DOM: Service Workers, defect, P2)

defect

Tracking

()

UNCONFIRMED
Tracking Status
firefox62 --- affected

People

(Reporter: jaffathecake, Unassigned)

References

(Blocks 2 open bugs)

Details

Spec change: https://github.com/whatwg/fetch/pull/560.
Tests: https://github.com/web-platform-tests/wpt/pull/10348.
Security issues to pay attention to: https://github.com/whatwg/fetch/issues/144#issuecomment-368040980

This spec change means that rage requests (such as those from media elements) are allowed to pass through a service worker as long as they aren't modified. This fixes a long standing issue where media elements behave oddly if intercepted by a service worker (as the range headers were lost).

How media elements ingest partial responses remains unspecified for now. See the attacks in https://github.com/whatwg/fetch/issues/144#issuecomment-368040980 & their mitigations. Attack 4 is already covered in the tests.
Component: Untriaged → DOM: Service Workers
Product: Firefox → Core
Duplicate of this bug: 1404041
Priority: -- → P2
Looks like we already blocked 206 responses in Cache API in bug 1264181.
Depends on: 1264181
Blocks: 1477391
See Also: 1477391
You need to log in before you can comment on or make changes to this bug.