-
Notifications
You must be signed in to change notification settings - Fork 341
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose status of filtered opaque response? #14
Comments
Given that rough status is available this way, a status-code of |
We talked about this for failing |
Thanks for the context, @jakearchibald, and sorry to rehash something that had already been decided. Making each developer weigh the tradeoffs of caching vs. non-caching filtered opaque responses is a bummer, but so it goes. |
If we can find a safe way to do it (or decide it's safe) then I'll add a |
# This is the 1st commit message: # This is a combination of 23 commits. # This is the 1st commit message: Integrate CORP and COEP This is part of the introduction of COEP (whatwg/html#5454). The CORP check now takes COEP into account. Also, responses coming from service workers are checked. # This is the commit message #2: Update fetch.bs Co-authored-by: Domenic Denicola <[email protected]> # This is the commit message #3: Update fetch.bs Co-authored-by: Domenic Denicola <[email protected]> # This is the commit message #4: fix # This is the commit message #5: fix # This is the commit message #6: fix # This is the commit message #7: fix # This is the commit message #8: fix # This is the commit message #9: fix # This is the commit message #10: fix # This is the commit message #11: fix # This is the commit message #12: fix # This is the commit message #13: fix # This is the commit message #14: fix # This is the commit message #15: fix # This is the commit message #16: fix # This is the commit message #17: fix # This is the commit message #18: Update fetch.bs Co-authored-by: Anne van Kesteren <[email protected]> # This is the commit message #19: Update fetch.bs Co-authored-by: Anne van Kesteren <[email protected]> # This is the commit message #20: fix # This is the commit message #21: fix # This is the commit message #22: fix # This is the commit message #23: fix # This is the commit message #2: fix
CC: @slightlyoff
The current specification for an opaque filtered response requires that the
status
always be set to 0. Could this be relaxed?I understand that the restriction is in place to prevent leaking information that wouldn't otherwise be available for non-CORS requests/responses, but exposing either the actual HTTP response code or a boolean success/error would be very useful, and may not(*) leak more information that could already be inferred via the
onerror
/onload
handlers for elements like<img>
and<link>
.As it's currently implemented, when
fetch()
ing a non-CORS request from the context of a Service Worker, it's not possible to make an informed decisions about whether the filtered opaque response should be cached or not. Blindly caching a (possibly transient) error response isn't ideal, but the other extreme of not caching any filtered opaque responses runs counter to the utility of Service Workers.(*It's entirely possible that I'm missing some important privacy implications.)
The text was updated successfully, but these errors were encountered: