- From: Adam Rice <notifications@github.com>
- Date: Thu, 07 Feb 2019 04:16:26 -0800
- To: whatwg/streams <streams@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 7 February 2019 12:16:48 UTC
Opaque streams are something we might wish to add in future. An opaque stream is a stream you can't read from, but you can pass it off to APIs that can.
With opaque streams, instead of `response.body` returning `null` for an opaque response, it would return an opaque stream.
Currently:
```javascript
const response = await fetch(url, {mode: 'no-cors'});
const body = response.body; // "body" is null
```
But with opaque streams:
```javascript
const response = await fetch(url, {mode: 'no-cors'});
const body = response.body; // "body" is non-null!
const reader = body.getReader(); // throws!
```
So far we haven't gained anything, but we can now pass our stream off to someone who can use it, eg.
```javascript
postMessage(body, origin, [body]);
```
If `origin` has access to `url`, they can get a reader on `body` and read from it as usual.
The goal is that any platform API that produces or consumes opaque data will be composable via streams.
An opaque stream can also be thought of as a stream with an ACL attached to it.
The exact mechanism by which some contexts and APIs are authorised to read/write/transform opaque streams is TBD, along with the security threat model.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/streams/issues/983
Received on Thursday, 7 February 2019 12:16:48 UTC