- From: Ben Kelly <notifications@github.com>
- Date: Thu, 24 Aug 2017 14:15:08 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 24 August 2017 14:15:31 UTC
It seems a lot of people trying to use SRI with service workers where Request.integrity is implemented are running into problems: https://bugzilla.mozilla.org/show_bug.cgi?id=1393439 The issue is that its pretty common to do `<script integrity="hash">` in your document. This creates a no-cors request by default. If their service worker script passes through with `fetch(evt.request)` then they will get a TypeError. This is required by step 32.3 here: https://fetch.spec.whatwg.org/#dom-request Perhaps we should move this check out of the `Request()` constructor and into the fetch algorithm at the point an opaque Response is created. It seems its only really important if we are going to be returning an opaque Response and need to hide any information leakage about the contents. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/583
Received on Thursday, 24 August 2017 14:15:31 UTC