-
Notifications
You must be signed in to change notification settings - Fork 342
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow range header without preflight #1312
Conversation
Can we consolidate with https://wicg.github.io/background-fetch/#extract-content-range-values-algorithm perhaps? (I realize there are delimiter differences, but perhaps they can be abstracted somehow. See also WICG/background-fetch#157.) The other thing that might help is to use isomorphic decode, so you can operate on a string. That removes the need for state and allows for using Infra's "collect a sequence" algorithms. |
@annevk I'm not sure how useful it is to consolidate with
I think it'd be confusing to try and combine the two. I'll look at defining this using "collect a sequence", or would you rather I used the ABNF style from background-fetch? |
Fair about combining. They are a bit more different than I thought. Implementers (at least Matt Menke) seem to prefer algorithms over ABNF and that's also the style I've used for the other header parsers thus far so I guess we should stick with that. Also, ABNF often leads to implementations that approximate the parser requirements in my experience. |
@annevk cool, I've rewritten it using "collecting a sequence of code points", it's much easier to read now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, this looks very readable indeed.
Co-authored-by: Anne van Kesteren <[email protected]>
Ugh, I just realised it's |
This PR aims to allow, without requiring a preflight, CORS requests with a When requesting media, browsers will typically request ranges like When resuming the download of files, browsers will typically just use the initial range, like However, there are a few novel requests that this PR enables:
Only "ranges outside the length of the resource" makes me raise an eyebrow, so I'd like a second opinion on that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the analysis! Modulo some final nits this looks good to me now. I wonder if @mikewest, @yutakahirano, and @youennf can help out with additional security review.
(This also ends up fixing #1265 now. It seems okay to include the fix for that here, as long as we indicate it in the final commit message.)
Co-authored-by: Anne van Kesteren <[email protected]>
Co-authored-by: Anne van Kesteren <[email protected]>
Co-authored-by: Anne van Kesteren <[email protected]>
Ah, sorry I missed that original issue. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@rayankans over to you for the tests |
I created a PR for the tests here: web-platform-tests/wpt#31058 |
I'm comfortable with merging this once we have implementation bugs. |
Implementation bugs added. Commit message: Allow particular Range header values without a preflight. The allowed format aligns with the values the browser uses when requesting media and resuming downloads. |
For whatwg/fetch#1312. Co-authored-by: Jake Archibald <[email protected]>
Thanks all! |
…eaders from preflight, a=testonly Automatic update from web-platform-tests Fetch: tests for safelisting simple range headers from preflight For whatwg/fetch#1312. Co-authored-by: Jake Archibald <[email protected]> -- wpt-commits: 902e9dceb10d98a646ad77d46df62e0365626fff wpt-pr: 31058
…eaders from preflight, a=testonly Automatic update from web-platform-tests Fetch: tests for safelisting simple range headers from preflight For whatwg/fetch#1312. Co-authored-by: Jake Archibald <[email protected]> -- wpt-commits: 902e9dceb10d98a646ad77d46df62e0365626fff wpt-pr: 31058
The Fetch standard now safelists 'simple' range headers from preflight checks. (whatwg/fetch#1312) This CL also successfully runs against the new WPT suite (web-platform-tests/wpt#31058) I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/0f1zQ4hjoyQ Bug: 1255711 Change-Id: I06ee27fec586950b7d45e3cba416df1b5090fa4d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3190330 Reviewed-by: Reilly Grant <[email protected]> Commit-Queue: Rayan Kanso <[email protected]> Cr-Commit-Position: refs/heads/main@{#930108}
For whatwg/fetch#1312. Co-authored-by: Jake Archibald <[email protected]>
The Fetch standard now safelists 'simple' range headers from preflight checks. (whatwg/fetch#1312) This CL also successfully runs against the new WPT suite (web-platform-tests/wpt#31058) I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/0f1zQ4hjoyQ Bug: 1255711 Change-Id: I06ee27fec586950b7d45e3cba416df1b5090fa4d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3190330 Reviewed-by: Reilly Grant <[email protected]> Commit-Queue: Rayan Kanso <[email protected]> Cr-Commit-Position: refs/heads/main@{#930108} NOKEYCHECK=True GitOrigin-RevId: 7b4dbc8d73cd09187b1501931141871f9d90b30d
Fixes #1310.
Preview | Diff