Closed Bug 1603168 Opened 5 years ago Closed 4 years ago

Make Cache.match() and Cache.matchAll() throw when a response fails the appropriate CORP check for its COEP global

Categories

(Core :: Storage: Cache API, task, P1)

Product:
Core
Component:
Storage: Cache API
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla78
Tracking Flags:
Tracking Status
firefox78 --- fixed

People

(Reporter: asuth, Assigned: edenchuang)

References

(
URL
)

Details

Attachments

(1 file, 1 obsolete file)

Bug 1603168 - Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep
47 bytes, text/x-phabricator-request
Details | Review

We've been talking about it a bit in general, with bug 1565199 kinda sorta covering this, but https://github.com/w3c/ServiceWorker/issues/1490 now has directly brought up how to deal with opaque responses for the COEP/CORP scenario for Cache.match() and Cache.matchAll().

I enumerated the space of possible options at https://github.com/w3c/ServiceWorker/issues/1490#issuecomment-563450588

The current proposal at https://github.com/w3c/ServiceWorker/issues/1490#issuecomment-564651278 (of the many options) is just to reject, which seems reasonable and a safe/easy first step.

Is this on your radar? We need to fix this before shipping as I understand it.

Flags: needinfo?(perry)
Blocks: 1613061

(To be clear, this still blocks resab, just no longer directly.)

No longer blocks: resab
Assignee: nobody → perry
Flags: needinfo?(perry)
Assignee: perry → echuang
Depends on: 1532287
Attachment #9133881 - Attachment is obsolete: true
Priority: P2 → P1
Attachment #9138841 - Attachment description: Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep → Bug 1603168 - Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep
Pushed by malexandru@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bbcc193fe0f0
Reject Cache.match and Cache.matchAll if the response doesn't match the caller context coep r=dom-workers-and-storage-reviewers,perry

https://hg.mozilla.org/mozilla-central/rev/bbcc193fe0f0

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox78: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla78
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: