W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2014

Re: [SRI] What should we Hash Redux

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Thu, 3 Jul 2014 10:03:42 -0700
Message-ID: <CAPfop_3GgVQU+zd5a1j_e-FVhAQJAxU5WP_XF-Aa-TN+yZJVGA@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
> I'm not sure why you refer to Fetch as SW. There's only a tiny part of
> Fetch that defers SW, otherwise it mostly defines the platform's
> URL/networking stack.

Sorry, I meant SW.

> The spec seems to suggest there is:
>
> https://tools.ietf.org/html/rfc7230#section-3.3
>

Forgive me, but the way I read it---payload body is message body with
transfer encoding removed. That still leaves the gzip
content-encoding, right?


>>> fetch() exposes the message body (as a stream, though the only methods
>>> available on that stream undo the content codings and give you the
>>> payload body as a result).
>>
>> So, fetch, XHR both use body with content codings removed? What
>> happens when it is a tar.gz file with Content-Encoding: gzip? Does
>> fetch and XHR remove the codings?
>
> No, XMLHttpRequest, <img>, and such do,

so, to be sure, you are saying XHR'ing a .tar.gz file will give me the
un-gziped version of the file?


> It seems HTML does not define this in detail at the moment. That would
> need to be fixed.

Yup. And I am hoping once the other specs define all these things in
detail, SRI won't need to. SRI can just refer to the other specs.

thanks
Dev
Received on Thursday, 3 July 2014 17:04:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC