Aborting fetch

[jakearchibald]

For whatwg/fetch#523

---

This change is 

[jakearchibald]

@annevk I felt like the above was the expected behaviour, but seems like it'll be a pain to spec. What do you think?

[annevk]

So the idea is that if the signal is aborted it's a no-op when passed to fetch()? It seems like that should be fairly easy to specify (just don't pass it along), but I'm not sure it's the model we want.

[jakearchibald]

The signal is used, but the request isn't, as in the body isn't read.

My thinking is that the abort should happen straight away if the signal is already aborted. No request should be made to the server. Therefore, request.body shouldn't be consumed/locked/disturbed.

[annevk]

Oh, I missed the subtle distinction. I guess the Request constructor (which is what fetch() uses) can just bypass a whole bunch of things when passed an aborted signal?

[jakearchibald]

This is where it gets messy I think. Here are my gut feelings:

const request = new Request(url, { signal: abortedSignal, body });
const anotherRequest = new Request(request);

It feels like request's body should be disturbed/locked, since the body is being explicitly moved from one request to another.

fetch(invalidURL, { signal: abortedSignal });

The above should reject based on the invalid URL, not aborted.

fetch(request, { signal: abortedSignal, body });

In the above, the body shouldn't be consumed, as it doesn't need to be sent to the server, as the signal is already aborted.

So, from the developer's point of view, the order is:

1. Validate the args.
2. Abort if already aborted.
3. Make the request.

Locking/disturbing the body as part of "Validate the args" doesn't fit well with me, although I realise that's how it's specced now.

I guess fetch could undisturb/unlock the body if it's already aborted?

[annevk]

So you basically want fetch() to do something else than invoke the constructor. We could do that, but it'll be tricky to ensure it's correct and has no regressions. (I don't like undisturbing/unlocking. I'd rather not do the "damage" to begin with.)

[jakearchibald]

Given that mixed-content and CSP could be considered exiting early before using the body (yet they disturb/lock the body), I think I'm over complicating it by trying to make aborting different.

Happy to replace this with a test that ensures the body is locked.

[annevk]

Yeah, it does seem like a lot of refactoring effort for unclear benefit. If we had other features that needed that kind of refactoring it might be worth looking into, but not sure.

[jakearchibald]

@wanderview Any better ideas than the hack above?

[wanderview]

Not really. Doing another operation that takes the same path is what we do other places in wpt to approximate this.

[jakearchibald]

@annevk any idea who owns this?

[annevk]

@jgraham should review that.

[jakearchibald]

@jgraham I'm using this to stop an infinite response, but also to track when/if a browser closes the connection related to an aborted fetch.

[jakearchibald]

@jgraham I want to use this in other tests too, eg to stop generating content when the client is no longer interested.

[jgraham]

I think this is fine.

[jakearchibald]

@annevk what do you think about this? I'm undecided.

The idea is that requests will always have a signal. If you pass a signal to the fetch constructor, it'll listen to it & repeat the same action on its own signal.

I figured this would make things easier when it came to replacing this with fetchSignal later, as you don't have to worry that request.signal is one of a variety of types (or null).

[annevk]

So instead of forwarding the signal it gets copied? It seems you might still get different types or shapes over time as we add more features, but copying rather than forwarding might be nice if you want to reuse the request... It's not clear if we should take care of that or whether there should be a utility to copy signals.

[jakearchibald]

This is what I was thinking: https://github.com/whatwg/fetch/pull/523/files#diff-e8c7e042697e1e48e4466c612dda6a3bR5006

Then, we can later change all request.signals to FetchSignals, and developers can rely on behaviour like "If self.FetchSignal is supported, all requests will have one as .signal".

[jakearchibald]

@domenic I don't suppose you have time to check these aborting-streams tests?

[annevk]

What's the point of the promise here?

[jakearchibald]

I thought it queued a task, but it doesn't. Will fix.

[annevk]

I hope folks won't do these kind of checks when branching...

[jakearchibald]

I could change it to instanceof?

[annevk]

It's fine as-is, I doubt anyone would copy from the tests.

[annevk]

Though maybe instanceof is better so we don't have to update this test and it'll keep passing in newer UAs.

[jakearchibald]

Won't we update it to instanceof FetchSignal later?

[annevk]

Yeah, I guess we might do that anyway. Okay, never mind.

[annevk]

Move requestKeys and abortRequests done to where they are actually used? I guess I can kinda see they are global, but to me at least I kept wondering when they'd show up and when they did I had forgotten the setup.

[jakearchibald]

I've written all the tests I intended to write.

[domenic]

In general the same comments everywhere: use promise_rejects instead of your custom assertion function, and consider also testing .closed.

[domenic]

You should be able to use /common/blank.html for this

[jakearchibald]

That means I'd have to install a service worker at that scope. Is that likely to interfere with other tests?

[annevk]

I don't think tests run concurrently so if you clean up that could work, but it might be clearer to just add a comment as to why you duplicated and keep the scope as-is.

[annevk]

R+ with added newline and the comment.

[domenic]

Use promise_rejects(t, "AbortError", promise) instead of this function.

[domenic]

Apart from the promise_rejects issue, this looks good. You may also want to test reader.closed.

[jakearchibald]

Fixed the promise_rejects stuff & added reader.closed tests.

[jakearchibald]

This is a high-level overview of the intent behind the controller, signal, & fetch abort design.

Aborting a fetch

Fetching can involve setting up connections, making an HTTP request, receiving headers, and reading a response body. A single fetch can involve many iterations of these, through preflights and redirects. The aim is to make the process abortable during all of these phases. The spec should be explicit about how to react to an abort signal at various points during the process, including which points cannot be aborted.

Abort controllers and abort signals

const controller = new AbortController();
const signal = controller.signal;

const fetchPromise = fetch(url, {signal});

The feedback we got from developers was to avoid the fetchPromise being externally abortable – it should be possible to hand someone the deferred result of the fetch without giving them the ability to abort.

As a result, we designed AbortController and AbortSignal to decouple receiving the result, controlling the result, and signalling intent to the result.

signal.addEventListener('abort', () => {
  console.log('Abort signalled!');
});

controller.abort();

The controller gives you the ability to say "I would like to signal 'abort'". The signal broadcasts that intent.

A single signal can be passed to many APIs – a bunch of fetches can be aborted by a single signal.

The signal is just a signal, it doesn't reflect whether anything was actually aborted. For instance, you can signal abort long after the fetch has completed and been fully read. In this case the signal will be in the aborted state, but the fetch will have successfully completed.

A signal may be postMessaged to another thread. It achieves this by being cloned, but the clone listens to the original's signals, and mimics them. Note that this is a clone, not a transfer, the original signal continues to operate.

The design here is deliberately generic, as streams and webauthn want this ability. In future, AbortController and AbortSignal may be subclassed to provide additional signals. For example, fetch may gain the ability to signal priority changes.

AbortController and AbortSignal spec.

request.signal

const request = new Request(url, {signal});
console.log(request.signal);

All requests have a signal property whether one is provided in the constructor or not. When a signal is given to the constructor, request.signal listens to its signals, and mimics them. This means request.signal never equals the signal passed into the constructor.

This means, in future, we can change request.signal to a subclass such as FetchSignal, without request.signal being multiple types within a single user agent.

What does aborting look like to the developer?

If the abort occurs before response headers have been received, fetch()'s promise will reject with a DOMException named AbortError.

If the abort occurs when reading the body of the response, the promise (in the case of response.text() etc) will reject or the stream (in the case of response.body) will error, in either case with a DOMException named AbortError.

Aborting can be the result of the developer signalling, but also something lower-level such as the browser no longer wanting to finish the request (eg the user hit the "stop" button).

Aborting should be predictable. If aborting was signalled in the same thread as the fetch promise, the promise should reject immediately, as in rejection callbacks being called in the next microtask. Likewise, the pending/next reads of the body stream should error.

If the abort was signalled in another thread, the rejection should happen as soon as the message can be sent to the other thread.

If the browser has received the whole response, but it hasn't been read, unread data is dropped when abort is signalled, due to how streams work. Methods like response.text() should follow this behaviour and reject.

What does abort look like to the server?

The actual aborting of network actions happens independently of rejecting promises and erroring streams. The browser should close the connection (HTTP/1.1) or reset the stream (HTTP/2).

If aborting has been signalled before calling fetch(), no network activity should take place as a result.

How does this work within a service worker's fetch event?

fetchEvent.request.signal will signal the page's desire to abort the fetch. This may come from calling controller.abort() in the page, or the browser wanting to abort the request for some other reason. For example: if the page closes and the browser no longer needs the response, or the user presses the browser's "stop" button.

This means:

addEventListener('fetch', event => {
  event.respondWith(fetch(event.request));
});

…works for free. However, if the developer wants to rewrite the request (or turn it into multiple requests), they'll need to pass the signal manually:

addEventListener('fetch', event => {
  event.respondWith(
    fetch(somethingElse, { signal: event.request.signal })
  );
});

If a fetch is aborted within a page, but the service worker ignores that signal, the fetch should still abort from the perspective of the page.

[jakearchibald]

I can't really figure out what Travis is complaining about.

[annevk]

It's some intermittent issue with the Firefox bot (that also seems to be affecting the Chrome bot, but the Chrome bot doesn't count as blocking since it does that a lot). However, I can't really decipher the log either. I asked @jgraham to weigh in on IRC.

[jgraham]

w3c-test:mirror

[jgraham]

idk why the travis failure isn't being reported here correctly, but @bobholt is working on improved infrastructure there.

Anyway the problem in this case is a legit bug in the tests that needs to be fixed. In the log there are lots of lines at the end like

ERROR:/home/travis/build/w3c/web-platform-tests/tools/ci/check_stability:| `/fetch/api/abort/general.html` | `Signal can be used to abort other fetches, even if another fetch succeeded before aborting`             | **FAIL: 30/10** | `promise_test: Unhandled rejection with value: object "ReferenceError: AbortController is not defined"` |

The important point there is FAIL: 30/10 meaning we did 10 iterations, but got 30 failures for tests that are indistinguishable to the infrastructure i.e. each test ran three times. That appears to be because /fetch/api/abort/general.html is running the same tests in Window, Worker and SharedWorker context, without distinguishing which is which.

[jakearchibald]

Thanks! Fixed now.

[domenic]

This test makes sense. Can we not assert anything more specific about cancelReason than that it's truthy?

[jakearchibald]

Doh, that's supposed to be the next two lines. Copy & paste error.

[domenic]

FWIW I found generating multiple tests with a wrapper simpler than contextualTestName: see https://github.com/w3c/web-platform-tests/tree/master/streams readme and https://github.com/w3c/web-platform-tests/blob/master/streams/generate-test-wrappers.js

[domenic]

The portions I have been asked to comment on look good :)

[annevk]

Couple nits, but I think this is good to go. I'm personally happy with this landing before the change to the Fetch Standard, but I'd like to hear from @wanderview and @youennf as well. We'll start implementing this a month from now or so, so there's no particular rush.

[annevk]

Add a newline here?

[annevk]

R+ with added newline and the comment.

[annevk]

Add newline.

[annevk]

Add newline.

[annevk]

Add newline.

[annevk]

Add newline.

[jakearchibald]

Nits addressed. Thanks for the reviews @annevk @domenic @jgraham!

[jakearchibald]

https://bugs.chromium.org/p/chromium/issues/detail?id=750599

[annevk]

"Duplicating /common/blank.html..."

[annevk]

Bug for Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1378342.

[jakearchibald]

Bug for WebKit: https://bugs.webkit.org/show_bug.cgi?id=174980
Bug for Edge: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13009916/

[royling]

In future, AbortController and AbortSignal may be subclassed to provide additional signals. For example, fetch may gain the ability to signal priority changes.

if that's the intent, SignalController and Signal may be more generic to subclass than Abort*.

[jakearchibald]

We don't have use cases for that right now, but we can add it later if need be.