Closed
Bug 1603168
Opened 5 years ago
Closed 4 years ago
Make Cache.match() and Cache.matchAll() throw when a response fails the appropriate CORP check for its COEP global
Categories
(Core :: Storage: Cache API, task, P1)
Core
Storage: Cache API
Tracking
()
RESOLVED
FIXED
mozilla78
Tracking | Status | |
---|---|---|
firefox78 | --- | fixed |
People
(Reporter: asuth, Assigned: edenchuang)
References
()
Details
Attachments
(1 file, 1 obsolete file)
We've been talking about it a bit in general, with bug 1565199 kinda sorta covering this, but https://github.com/w3c/ServiceWorker/issues/1490 now has directly brought up how to deal with opaque responses for the COEP/CORP scenario for Cache.match() and Cache.matchAll().
I enumerated the space of possible options at https://github.com/w3c/ServiceWorker/issues/1490#issuecomment-563450588
The current proposal at https://github.com/w3c/ServiceWorker/issues/1490#issuecomment-564651278 (of the many options) is just to reject, which seems reasonable and a safe/easy first step.
Comment 1•5 years ago
|
||
Is this on your radar? We need to fix this before shipping as I understand it.
Flags: needinfo?(perry)
Comment 2•5 years ago
|
||
(To be clear, this still blocks resab, just no longer directly.)
No longer blocks: resab
Updated•5 years ago
|
Assignee: nobody → perry
Flags: needinfo?(perry)
Updated•5 years ago
|
Assignee: perry → echuang
Assignee | ||
Comment 3•5 years ago
|
||
Assignee | ||
Comment 4•5 years ago
|
||
Updated•5 years ago
|
Attachment #9133881 -
Attachment is obsolete: true
Updated•4 years ago
|
Priority: P2 → P1
Updated•4 years ago
|
Attachment #9138841 -
Attachment description: Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep → Bug 1603168 - Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep
Pushed by malexandru@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bbcc193fe0f0 Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep r=dom-workers-and-storage-reviewers,perry
Comment 6•4 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox78:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla78
You need to log in
before you can comment on or make changes to this bug.
Description
•