Re: [whatwg/fetch] Request body streams should use chunked encoding (#966)

> > @yutakahirano [wrote](https://github.com/whatwg/fetch/issues/966#issuecomment-588065153):
> > @sleevi in that case we could run two experiments simultaneously, by introducing a temporary flag, say requireH2ForStreamingUpload, into RequestInit, for example. @sleevi are you fine with the idea? Can you help @wenbozhu and me set up the experiment (for the h2-only case)? @wenbozhu, what do you think about the idea?
> 
> How do you feel about inverting the flag? Say, `allowH1ForStreamingUpload`?
> 

I'm fine with this. @wenbozhu, thoughts?
> 
> The only thing I'm not sure of, with any restriction or permission, is that it would indirectly leak the [`nextHopProtocol`](https://www.w3.org/TR/resource-timing-2/#dom-performanceresourcetiming-nexthopprotocol) from Resource Timing, as either way, the flag would be a way to probe for H/1 vs H/2 support. I know [we talked](https://github.com/whatwg/fetch/issues/966#issuecomment-554985629) about some form of advertisement, and I realize there is a [CORS preflight](https://github.com/whatwg/fetch/issues/966#issuecomment-554535512) for any cross-origin request, but it may be worth **also** contemplating the [added header](https://github.com/whatwg/fetch/issues/966#issuecomment-555822768) or otherwise a signal that such information may be disclosed.

So you are thinking about [Timing-Allow-Origin](https://www.w3.org/TR/resource-timing-2/#sec-timing-allow-origin), right? We can require the header. On the other hand my vague understanding is that ResourceTiming people are looking to [a direction that CORS implies TAO](https://groups.google.com/a/chromium.org/d/msg/loading-dev/tgx4pfmlq_I/8uLELH_0AgAJ).

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/966#issuecomment-595168938