Closed Bug 1603168 Opened 8 months ago Closed 2 months ago

Make Cache.match() and Cache.matchAll() throw when a response fails the appropriate CORP check for its COEP global

Categories

(Core :: Storage: Cache API, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla78
Tracking Status
firefox78 --- fixed

People

(Reporter: asuth, Assigned: edenchuang)

References

()

Details

Attachments

(1 file, 1 obsolete file)

We've been talking about it a bit in general, with bug 1565199 kinda sorta covering this, but https://github.com/w3c/ServiceWorker/issues/1490 now has directly brought up how to deal with opaque responses for the COEP/CORP scenario for Cache.match() and Cache.matchAll().

I enumerated the space of possible options at https://github.com/w3c/ServiceWorker/issues/1490#issuecomment-563450588

The current proposal at https://github.com/w3c/ServiceWorker/issues/1490#issuecomment-564651278 (of the many options) is just to reject, which seems reasonable and a safe/easy first step.

Is this on your radar? We need to fix this before shipping as I understand it.

Flags: needinfo?(perry)
Blocks: 1613061

(To be clear, this still blocks resab, just no longer directly.)

No longer blocks: resab
Assignee: nobody → perry
Flags: needinfo?(perry)
Assignee: perry → echuang
Depends on: 1532287
Attachment #9133881 - Attachment is obsolete: true
Priority: P2 → P1
Attachment #9138841 - Attachment description: Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep → Bug 1603168 - Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep
Pushed by malexandru@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bbcc193fe0f0
Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep r=dom-workers-and-storage-reviewers,perry
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla78
You need to log in before you can comment on or make changes to this bug.