W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

Re: CfC: Republish MIX as CR; deadline July 29th.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 6 Aug 2015 11:20:51 +0200
Message-ID: <CADnb78gGR7Ab4t+J1cob2V89v--2L4-gNiC3diAK-d-knQC4Sg@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Mike West <mkwst@google.com>, Brad Hill <hillbrad@gmail.com>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Aug 5, 2015 at 6:54 PM, Brian Smith <brian@briansmith.org> wrote:
> On Wed, Aug 5, 2015 at 3:48 AM, Mike West <mkwst@google.com> wrote:
>> Last I heard, Anne was going to decide whether we would end up defining
>> the "Is X a passthrough request?" property in MIX or Fetch. I don't have a
>> strong opinion either way.
> IMO, it is better to do in Fetch, because then (a) more specifications can
> reference it, (b) people working on changing Fetch and Fetch-based things
> may more easily notice that it is something that needs to be considered. and
> (c) it is easy to tweak the Fetch spec to improve the definition later, if
> necessary, than it is to improve MIX.

(c) seems like a bug. (b) rings true. As for (a), nobody could think
of any other specifications. The other problem I have is how I would
go about defining this. It's quite easy to construct a new request
from an existing one. I guess for the purposes of this that would not
necessarily make it passthrough. It seems in order to define
"passthrough" service workers would have to set a bit on the request
they associate with the fetch event. And then when you invoke fetch()
or new Request() and pass in such a request and don't modify anything
else we'd keep the bit set? (Though we would modify what CSP policy
applies and such as part of the normal request normalization

Received on Thursday, 6 August 2015 09:21:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:50 UTC