- From: Jake Archibald <notifications@github.com>
- Date: Mon, 10 Jul 2017 11:12:38 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/563@github.com>
Aborting fetch introduces a new capability: aborting 'no-cors' fetches.
```js
addEventListener('fetch', event => {
// In a service worker fetch event:
const controller = new AbortController();
const signal = controller.signal;
event.respondWith(
fetch(whateverURL, {mode: 'no-cors', signal})
);
// Sometime later:
controller.abort();
});
```
Connections can already terminate as the result of connections dropping, but now the timing & control of this is available to the developer. Although, since the response is being read in another thread, the timing of actual cancellation isn't completely predictable.
https://github.com/tc39/proposal-cancelable-promises/issues/4 is the first time the issue was raised that aborting a fetch might result in a partial response and that for opaque responses that could potentially be problematic.
Possible attacks:
* Header truncation
* Partial data execution
The browser will know the response stream ended in error, so it can avoid executing non-streaming formats like JS and CSS (if we assume CSS isn't streaming), but is there an issue with allowing a mid-response abort of streaming responses like img, audio, video?
Related issues:
* #523 PR for fetch abort
* #447 Discussion of abort
* https://github.com/w3c/web-platform-tests/pull/6484 aborting fetch tests
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/563
Received on Monday, 10 July 2017 11:13:12 UTC