- From: Mattias Buelens <notifications@github.com>
- Date: Thu, 14 Feb 2019 14:21:04 +0000 (UTC)
- To: whatwg/streams <streams@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 14 February 2019 14:21:30 UTC
> I hadn't thought of that. I think the creator of the TransformStream would still have to opt-in to this behaviour, so they couldn't be tricked into leaking information through a side-channel. I think if the readable side of the transform stream also becomes opaque, it should be safe. Not an expert though. 😛 > I'm not sure. Certainly we'd have to replace the rejection reason with something harmless. But even the fact that it failed may be too sensitive to expose. Even the promise resolving tells the initiator that the readable stream became closed. I think that might be used to estimate the "size" of the readable stream? > A difficult question. It requires a detailed threat model, which I don't think we can create until we have some concrete use cases. Agreed. For the moment, I don't see many benefits, and a lot of potential security issues. I think this would be better solved by making `Response` transferable, unless we find more compelling use cases for opaque streams. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/streams/issues/983#issuecomment-463644270
Received on Thursday, 14 February 2019 14:21:30 UTC