[Webkit-unassigned] [Bug 190872] New: Resuming downloads does not check if underlying content has changed

Wed Oct 24 07:56:46 PDT 2018

https://bugs.webkit.org/show_bug.cgi?id=190872

            Bug ID: 190872
           Summary: Resuming downloads does not check if underlying
                    content has changed
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jaffathecake at gmail.com

Downloads happily resume if the ETag/Last-Modified/Content-Length has changed between chunks, despite these being strong indications that the content has changed, and the previously fetched chunks may be invalid.

This could leave the user with a file that's corrupt, which could (if the user is unlucky enough) do some damage.

Test: https://github.com/jakearchibald/range-request-test (sorry, I tried to externally host it, but fontend servers kept messing with the behaviour)

You'll need Node >=8. Once the project is checked out, run:

npm install 
npm run serve

Then visit http://localhost:3000.

In the Test Download section, select:

* 100 MB
* Accept range
* Include ETag (and/or Last-Modified)
* CHEESE

Click "Download".

After a few seconds, pause the download.

Select "petril" - this changes the content downloaded, along with the ETag & Last-Modified headers.

Resume the download. Safari will send a range request for the rest of the resource, and ignore the header changes.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181024/951e50d3/attachment.html>