Re: [whatwg/fetch] Request body streams should use chunked encoding (#966)

> @yutakahirano [wrote](https://github.com/whatwg/fetch/issues/966#issuecomment-588065153):
> @sleevi in that case we could run two experiments simultaneously, by introducing a temporary flag, say requireH2ForStreamingUpload, into RequestInit, for example. @sleevi are you fine with the idea? Can you help @wenbozhu and me set up the experiment (for the h2-only case)? @wenbozhu, what do you think about the idea?

How do you feel about inverting the flag? Say, `allowH1ForStreamingUpload`?

The thinking is this:
1. If this turns out to be not an issue in practice (despite the precedent), then it becomes easy to allow H/1 generally, simply treating this flag as a no-op in implementations that always allow H/2.
2. It sets the default state to be conservative, and requires explicit opt-in to the riskier approach. This strikes a balance with picking a 'safe' default (given past precedent).

The only thing I'm not sure of, with any restriction or permission, is that it would indirectly leak the [`nextHopProtocol`](https://www.w3.org/TR/resource-timing-2/#dom-performanceresourcetiming-nexthopprotocol) from Resource Timing, as either way, the flag would be a way to probe for H/1 vs H/2 support. I know [we talked](https://github.com/whatwg/fetch/issues/966#issuecomment-554985629) about some form of advertisement, and I realize there is a [CORS preflight](https://github.com/whatwg/fetch/issues/966#issuecomment-554535512) for any cross-origin request, but it may be worth **also** contemplating the [added header](https://github.com/whatwg/fetch/issues/966#issuecomment-555822768) or otherwise a signal that such information may be disclosed.

https://github.com/whatwg/fetch/issues/966#issuecomment-592560028

Received on Friday, 28 February 2020 15:21:35 UTC