Re: [whatwg/fetch] More CORB-protected MIME types - safelist-based approach (#721) from Lukasz Anforowicz on 2019-03-05 (public-webapps-github@w3.org from March 2019)

From: Lukasz Anforowicz <notifications@github.com>
Date: Tue, 05 Mar 2019 10:24:06 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/721/469794911@github.com>

Actually, I guess that we can have separate CORB state for each execution context (frame, service worker, etc.) and discard CORB state when the frame goes away.  So maybe the memory growth concerns are not a big isssue.  And some other heuristics can also help in a non-malicious case (e.g. only storing state for range-requestable resources - for audio and video, but maybe not for javascript, stylesheets and images).  I am not sure if there is something that can be done to prevent unbounded memory growth in a malicious case - maybe we can keep at most X entries in the cache and purge least recently used ones when overflowing the threshold.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/721#issuecomment-469794911

Received on Tuesday, 5 March 2019 18:24:27 UTC