Re: [whatwg/streams] Possible feature discussion: opaque streams (#983)

> In the case of `fetch`: wouldn't it make more sense to transfer the whole `Response` instead?

Yes, probably. :smile: 

> But then what would be the benefit of initiating a `no-cors` `fetch` from the initial origin and then transferring it, when you could just as well initiate the `fetch` from the other origin?

I feel that there's something here, but I don't know what it is yet.

@yutakahirano pointed out that we'd quite like to do away with opaque responses and `no-cors` altogether.

> * You could pipe an opaque readable stream into the writable side of a `TextDecoderStream`. This would have to turn the readable side opaque as well.

Yes.

> * You could pipe an opaque readable stream into the writable side of a previously transferred `TransformStream` from the other origin.

I hadn't thought of that. I think the creator of the TransformStream would still have to opt in to this behaviour, so they couldn't be tricked into leaking information through a side-channel.

> Could you observe the result of a pipe between opaque streams?

The internals of pipes are hidden from user JavaScript to make them more optimisable, but this also makes them a theoretically safe way to manipulate opaque streams.

> Is the initiator of the pipe allowed to know whether the pipe completes successfully or with an error through the pipe's `Promise`?

I'm not sure. Certainly we'd have to replace the rejection reason with something harmless. But even the fact that it failed may be too sensitive to expose.

> Can the initiator abort the pipe using an `AbortSignal`?

A difficult question. It requires a detailed threat model, which I don't think we can create until we have some concrete use cases.

https://github.com/whatwg/streams/issues/983#issuecomment-463623684

Received on Thursday, 14 February 2019 13:19:27 UTC