W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

Re: CfC: Republish MIX as CR; deadline July 29th.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 6 Aug 2015 11:20:51 +0200
Message-ID: <CADnb78gGR7Ab4t+J1cob2V89v--2L4-gNiC3diAK-d-knQC4Sg@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Mike West <mkwst@google.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Aug 5, 2015 at 6:54 PM, Brian Smith <brian@briansmith.org> wrote:
> On Wed, Aug 5, 2015 at 3:48 AM, Mike West <mkwst@google.com> wrote:
>> Last I heard, Anne was going to decide whether we would end up defining
>> the "Is X a passthrough request?" property in MIX or Fetch. I don't have a
>> strong opinion either way.
>
> IMO, it is better to do in Fetch, because then (a) more specifications can
> reference it, (b) people working on changing Fetch and Fetch-based things
> may more easily notice that it is something that needs to be considered. and
> (c) it is easy to tweak the Fetch spec to improve the definition later, if
> necessary, than it is to improve MIX.

(c) seems like a bug. (b) rings true. As for (a), nobody could think
of any other specifications. The other problem I have is how I would
go about defining this. It's quite easy to construct a new request
from an existing one. I guess for the purposes of this that would not
necessarily make it passthrough. It seems in order to define
"passthrough" service workers would have to set a bit on the request
they associate with the fetch event. And then when you invoke fetch()
or new Request() and pass in such a request and don't modify anything
else we'd keep the bit set? (Though we would modify what CSP policy
applies and such as part of the normal request normalization
procedures.)


-- 
https://annevankesteren.nl/
Received on Thursday, 6 August 2015 09:21:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC