[Webkit-unassigned] [Bug 186050] New: Allow range requests to pass through a service worker

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=186050

            Bug ID: 186050
           Summary: Allow range requests to pass through a service worker
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Service Workers
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jaffathecake at gmail.com

Spec change: https://github.com/whatwg/fetch/pull/560.
Tests: https://github.com/web-platform-tests/wpt/pull/10348.
Security issues to pay attention to: https://github.com/whatwg/fetch/issues/144#issuecomment-368040980

This spec change means that rage requests (such as those from media elements) are allowed to pass through a service worker as long as they aren't modified. This fixes a long standing issue where media elements behave oddly if intercepted by a service worker (as the range headers were lost).

How media elements ingest partial responses remains unspecified for now. See the attacks in https://github.com/whatwg/fetch/issues/144#issuecomment-368040980 & their mitigations. Attack 4 is already covered in the tests.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180529/9f3ee8ef/attachment.html>