Re: [whatwg/fetch] Add support for compression dictionary transport (PR #1854) from Frédéric Wang Nélar on 2026-06-02 (public-webapps-github@w3.org from June 2026)

From: Frédéric Wang Nélar <notifications@github.com>
Date: Tue, 02 Jun 2026 03:05:45 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1854/review/4408639835@github.com>

@fred-wang commented on this pull request.



> + then return a <a>network error</a>.
+
+ <li><p>Let <var>availableDictionaryItem</var> be the result of
+ <a for="header list">getting a structured field value</a> given <a><code>Available-Dictionary</code></a>,
+ "<code>item</code>", and <var>request</var>'s <a for=request>header list</a>.
+
+ <li><p>If <var>availableDictionaryItem</var> is null, then return a <a>network error</a>.
+
+ <li><p>Let <var>availableDictionaryHash</var> be the <a>bare item</a> of <var>availableDictionaryItem</var>.
+
+ <li><p>Let <var>newBody</var> be a new <a for=/>body</a> whose <a for=body>stream</a> is the
+ result of transforming <var>response</var>'s <a for=response>body</a>'s <a for=body>stream</a>
+ with an algorithm that verifies that the dictionary hash in the stream matches
+ <var>availableDictionaryHash</var> and decodes the rest of the stream with the applicable
+ algorithm as defined in [[!RFC9842]]. If verification or decoding fails,
+ error the transformed stream.

I'm not sure what's implied by this "error the transformed stream". Shouldn't we return a network error if decoding/verification fails? If not what do we expect for newBody in that case?

Also, about the hash verification, I don't see a lot from RFC 9842... Looking for "hash" or "available-dictionary", I find these paragraphs:
- https://www.rfc-editor.org/info/rfc9842/#name-available-dictionary
- https://www.rfc-editor.org/info/rfc9842/#section-2.3
- https://www.rfc-editor.org/info/rfc9842/#name-changing-content
- https://www.rfc-editor.org/info/rfc9842/#name-negotiating-the-content-enc

and in particular "The dictionary is validated using an SHA-256 hash of the content to make sure that the client and server are both using the same dictionary." from which one can infer the server is expected to send back the same hash if it has found the same on its side.

So can we actually just add a previous step that checks `availableDictionaryHash` matches the `Available-Dictionary` in request's header at step 9 and return a network error otherwise. Or Am I missing something?


-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1854#pullrequestreview-4408639835
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1854/review/4408639835@github.com>

Received on Tuesday, 2 June 2026 10:05:49 UTC