Define opaque-response blocking (updated) #1755
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
From the build errors, it looks like mimesniff needs to export more terms, e.g. https://github.com/whatwg/mimesniff/blob/main/mimesniff.bs#L988 |
1 task
sefeng211
added a commit
to sefeng211/mimesniff
that referenced
this pull request
Jun 11, 2024
I'd like to reference them in whatwg/fetch#1755, hence this patch to export those two algorithms.
5 tasks
zcorpan
pushed a commit
to whatwg/mimesniff
that referenced
this pull request
Jun 12, 2024
This is good enough for early review, but there are a number of issues that still need resolving: https://github.com/annevk/orb/labels/mvp. There are also some inline TODO comments. A PR against HTML is needed to ensure it passes the appropriate metadata for media element and classic script requests. We might also want to depend on HTML for parsing JavaScript.
…ent-range values` algorithm
zcorpan
reviewed
Jun 13, 2024
| set of bytes, and ultimately falls back to a full parse due to unfortunate (lack of) design | ||
| decisions in the early days of the web platform. As a result there are still quite a few responses | ||
| whose secrets can end up being revealed to attackers. Web developers are strongly encouraged to use | ||
| the `<code http-header>Cross-Origin-Resource-Policy</code>` response header to defend them. |
There was a problem hiding this comment.
The http-header attribute seems to cause a build error. Try dfn-type=http-header
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is based on what @annevk has proposed in #1442, with additional changes. It includes the
validate a partial responseand theContent-Range header parseralgorithm, plus the additional changes that Firefox has made in its implementation.#1442 had some discussions and references, and I wish I can keep them, but I don't have write access to annevk/orb, hence this PR. Please let me know if there's a better way to move this forward.
cc @zcorpan @annevk
TODO:
At least two implementers are interested (and none opposed):
Tests are written and can be reviewed and commented upon at:
Implementation bugs are filed:
The top of this comment includes a clear commit message to use.
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff