- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Thu, 3 Jul 2014 09:37:48 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Anne > Per HTTP the payload body is a message body with any content codings removed. > See mnot's note: http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0026.html Payload removes gzip transfer-encodings but not content encoding. Based on the thread, it seemed like there was no simple "spec > It seems what you want to hash depends a bit on the API. Most APIs on Yes, and I think what the SW API exposes and SRI's what to hash will be the same. > the platform today, including XMLHttpRequest, expose the payload body. Per above, are you referring here to "with gzip content encoding removed" or without? > fetch() exposes the message body (as a stream, though the only methods > available on that stream undo the content codings and give you the > payload body as a result). So, fetch, XHR both use body with content codings removed? What happens when it is a tar.gz file with Content-Encoding: gzip? Does fetch and XHR remove the codings? > <a download> is likely not fully defined. > From what I understood from bz it will depend on what is being > downloaded and what the file extension situation looks like... yeah. SW can interact with a download too, right? What will that look like? thanks Dev
Received on Thursday, 3 July 2014 16:38:35 UTC