From 6a67c25a16d3cbd98afaaadd7461f3d76c2a233d Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Mon, 11 Apr 2022 09:04:28 +0300 Subject: [PATCH 1/8] Range requests: Make status/range verification optional Verifying media responses performs 3 verifications: * The response should also be a range response * The response's range should match the request's range * There should not be mixed origins with opaque response While the last verification is mandatory for same-origin policy, the first two are optional, and may be skipped if the user-agent decides to be lenient towards servers who don't handle range requests properly. See #7655 (comment) --- source | 44 ++++++++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/source b/source index 8dfd609dd69..c82e3f9025c 100644 --- a/source +++ b/source @@ -35082,16 +35082,22 @@ interface MediaError { (number, number or "until end") tuple byteRange:

    -

  1. If response is a network error, then return false.

    2. - -

  2. If byteRange is "entire resource", then return - true.

    3. +

  3. If response is a network error, then return + "failure".

  4. Let internalResponse be response's unsafe response.

  5. If internalResponse's status is - not 206, then return false.

    6. + neither 200 or 206, then return "failure".

    + +

  6. If internalResponse's status is + 200, then: If byteRange is "entire resource" then return + "success". Otherwise return + "range not supported".

    7. + +

  7. If byteRange is "entire resource" then set + byteRange to (0, "until end").

  8. Let origin be "rewritten" if internalResponse's URL is null; otherwise @@ -35116,7 +35122,8 @@ interface MediaError {

    then set resource's origin to origin.

    -

    Otherwise, if response is CORS-cross-origin, then return false.

    +

    Otherwise, if response is CORS-cross-origin, then return + "failure".

    Otherwise, set resource's origin to "multiple".

    @@ -35131,9 +35138,9 @@ interface MediaError {

  9. If start is not byteRange[0], or if byteRange[1] is neither "until end" or end, - return false.

    10. + return "range mismatch".

    -

  10. Return true.

    11. +

  11. Return "success".

The resource fetch algorithm for a @@ -35270,12 +35277,21 @@ interface MediaError { -

  • If the result of verifying - response given the current media resource and - byteRange is false, then call finalize. Otherwise, - incrementally read response's - body given updateMedia, - processEndOfMedia, finalize, and global.

    • +
  • +

    If the result of + verifying response given the + current media resource and byteRange is + "failure", then call finalize. Otherwise, + incrementally read + response's body given + updateMedia, processEndOfMedia, finalize, and + global.

    + +

    User-agents may also treat "range mismatch" and + "range not supported" as failures. Supporting media loading from + servers without proper support for HTTP range requests requires buffering on the client + side, which might have implications on performance and memory use.

    +

  • Update the media data with the contents of response's unsafe response obtained in this fashion. response can be From d430d83fb759d19b84b18a6f1bccc4211274bae4 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Mon, 11 Apr 2022 18:02:44 +0300 Subject: [PATCH 2/8] Remove optional bit --- source | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/source b/source index c82e3f9025c..100819bcdac 100644 --- a/source +++ b/source @@ -35277,21 +35277,14 @@ interface MediaError {

    • -
  • -

    If the result of - verifying response given the - current media resource and byteRange is - "failure", then call finalize. Otherwise, - incrementally read - response's body given - updateMedia, processEndOfMedia, finalize, and - global.

    - -

    User-agents may also treat "range mismatch" and - "range not supported" as failures. Supporting media loading from - servers without proper support for HTTP range requests requires buffering on the client - side, which might have implications on performance and memory use.

    -
    • +

  • If the result of + verifying response given the + current media resource and byteRange is + "failure", then call finalize. Otherwise, + incrementally read + response's body given + updateMedia, processEndOfMedia, finalize, and + global.

  • Update the media data with the contents of response's unsafe response obtained in this fashion. response can be From 68d8985231ef0ad76e3b6d8bc45d111006f43e6d Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Fri, 22 Apr 2022 13:10:40 +0300 Subject: [PATCH 3/8] Bring back bools --- source | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/source b/source index 100819bcdac..01065ccb6c9 100644 --- a/source +++ b/source @@ -35082,22 +35082,24 @@ interface MediaError { (number, number or "until end") tuple byteRange:

      -

    1. If response is a network error, then return - "failure".

      2. +

    2. If response is a network error, then return false.

      3. + +

    3. If byteRange is "entire resource", then return + true.

    4. Let internalResponse be response's unsafe response.

      5. -

    5. If internalResponse's status is - neither 200 or 206, then return "failure".

      6. +
    6. +

      If internalResponse's status is + 200, then return true.

      -

    7. If internalResponse's status is - 200, then: If byteRange is "entire resource" then return - "success". Otherwise return - "range not supported".

      8. +

      Though some user-agents allow playing media from origins who don't support + range requests, this is generally discouraged as it requires buffering on the client side.

      + -

    8. If byteRange is "entire resource" then set - byteRange to (0, "until end").

      9. +

    9. If internalResponse's status is + not 206, then return false.

    10. Let origin be "rewritten" if internalResponse's URL is null; otherwise @@ -35122,8 +35124,7 @@ interface MediaError {

      then set resource's origin to origin.

      -

      Otherwise, if response is CORS-cross-origin, then return - "failure".

      +

      Otherwise, if response is CORS-cross-origin, then return false.

      Otherwise, set resource's origin to "multiple".

      @@ -35132,15 +35133,7 @@ interface MediaError { by being patched together with other responses from different origins.

      11. -

    11. Let (start, end) be the result of - extracting content-range values from - internalResponse.

      12. - -

    12. If start is not byteRange[0], or if - byteRange[1] is neither "until end" or end, - return "range mismatch".

      13. - -

    13. Return "success".

      14. +

    14. Return true.

    The resource fetch algorithm for a @@ -35280,7 +35273,7 @@ interface MediaError {

  • If the result of verifying response given the current media resource and byteRange is - "failure", then call finalize. Otherwise, + false, then call finalize. Otherwise, incrementally read response's body given updateMedia, processEndOfMedia, finalize, and From 2f0fdad2ab13526c025a4796c72f4373b9aa2fe9 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Wed, 4 May 2022 18:25:05 +0300 Subject: [PATCH 4/8] Remove discouraging --- source | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/source b/source index 01065ccb6c9..69671c7115f 100644 --- a/source +++ b/source @@ -35090,13 +35090,8 @@ interface MediaError {

  • Let internalResponse be response's unsafe response.

    • -
  • -

    If internalResponse's status is - 200, then return true.

    - -

    Though some user-agents allow playing media from origins who don't support - range requests, this is generally discouraged as it requires buffering on the client side.

    -
    • +

  • If internalResponse's status is + 200, then return true.

  • If internalResponse's status is not 206, then return false.

    • From c976b20ef77298c1c31475ad8cce60fdf0624231 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Wed, 4 May 2022 18:53:44 +0300 Subject: [PATCH 5/8] PR nits --- source | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/source b/source index 69671c7115f..0900794f771 100644 --- a/source +++ b/source @@ -2567,10 +2567,6 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
  • location URL
  • timing info
  • service worker timing info
    • -
  • - extract content-range values - -
  • @@ -35265,14 +35261,12 @@ interface MediaError {
    • -

  • If the result of - verifying response given the - current media resource and byteRange is - false, then call finalize. Otherwise, - incrementally read - response's body given - updateMedia, processEndOfMedia, finalize, and - global.

    • +

  • If the result of verifying + response given the current media resource and + byteRange is false, then call finalize. Otherwise, + incrementally read response's + body given updateMedia, + processEndOfMedia, finalize, and global.

  • Update the media data with the contents of response's unsafe response obtained in this fashion. response can be From 13d5e29f8e5faf81216d2d988d24992957648d29 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Wed, 18 May 2022 17:47:12 +0100 Subject: [PATCH 6/8] Fail verification on content-range failure --- source | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source b/source index 0900794f771..631f6320144 100644 --- a/source +++ b/source @@ -2567,6 +2567,10 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute

  • location URL
  • timing info
  • service worker timing info
    • +
  • + extract content-range values + +
  • @@ -35092,6 +35096,10 @@ interface MediaError {

  • If internalResponse's status is not 206, then return false.

    • +

  • If the result of extracting content-range values from + internalResponse is failure, then return false.

    • +

  • Let origin be "rewritten" if internalResponse's URL is null; otherwise internalResponse's URL's From 22237c2d1cbcd22448063f0e06e3724784b96999 Mon Sep 17 00:00:00 2001 From: Noam Rosenthal Date: Thu, 19 May 2022 07:45:42 +0100 Subject: [PATCH 7/8] Add note --- source | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/source b/source index 631f6320144..419859975c9 100644 --- a/source +++ b/source @@ -35096,9 +35096,17 @@ interface MediaError {

  • If internalResponse's status is not 206, then return false.

    • -

  • If the result of extracting content-range values from - internalResponse is failure, then return false.

    • +
  • +

    If the result of extracting content-range values from + internalResponse is failure, then return false.

    + +

    Note that the extracted values are not used, and in particular are not compared + to byteRange. So this step serves as syntactic validation of the Content-Range header, but if the Content-Range values on + the response mismatch the Range values on the request, that is not + considered a failure.

    +

  • Let origin be "rewritten" if internalResponse's URL is null; otherwise From b3523188ce7a498e3a63a6c7b312190de9a47484 Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Mon, 23 May 2022 13:09:50 -0400 Subject: [PATCH 8/8] Link headers --- source | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source b/source index 419859975c9..17c0ea95ab8 100644 --- a/source +++ b/source @@ -2459,7 +2459,9 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute

  • `Cache-Control` header
  • `Content-Disposition` header
  • `Content-Language` header
    • +
  • `Content-Range` header
  • `Last-Modified` header
    • +
  • `Range` header
  • `Referer` header
    • @@ -35102,10 +35104,10 @@ interface MediaError { internalResponse is failure, then return false.

    Note that the extracted values are not used, and in particular are not compared - to byteRange. So this step serves as syntactic validation of the Content-Range header, but if the Content-Range values on - the response mismatch the Range values on the request, that is not - considered a failure.

    + to byteRange. So this step serves as syntactic validation of the `Content-Range` header, but if the `Content-Range` values on the response mismatch the `Range` values on the request, that is not considered a failure.

  • Let origin be "rewritten" if