Re: [whatwg/fetch] Streaming upload and HTTP protocol info leak (#1007)

I'm considering below API in fetch:
```javascript
fetch('https://grpc.example.com/posts', {
  method: 'POST',
  body: createReadableStream(content),
  AllowHTTP1ForStreamingUpload: false})
.catch((error) => {
    // This error flag is also a new API.
    // This means middleboxes forced H1 (e.g. a local proxy), 
    // and the author can detect that and fall back to non-streaming upload.
  if (error.IsHTTP1Negotiated) {
   fallbackUploadWithoutStream(content);
  }
});
```
With that, web author knows the negotiated protocol is HTTP/1.
This can be abused as `nextHopProtocol`? If so, how might we refrain from it?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1007#issuecomment-611864454

Received on Friday, 10 April 2020 03:50:19 UTC