| 02:17 | <boogyman> | annevk: looking at https://github.com/whatwg/fetch/issues/27 it seems like there hasn't been progress or decisions recently. Are you aware of any not currently listed there? |
| 04:29 | <annevk> | boogyman: cancelable promises is making progress in TC39 |
| 07:28 | <manishearth> | annevk: if it's a security bug, would it have been worth a bounty? ;) |
| 07:28 | <manishearth> | (I'm not eligible for bounties anymore anyway) |
| 07:29 | <annevk> | manishearth: dunno |
| 07:29 | <manishearth> | annevk: how can this be exploited, anyway? |
| 07:29 | <manishearth> | sounds like a minor detail about the security policy -- not sure what mischief can be done if this leaks |
| 07:29 | <annevk> | manishearth: a server might do something weird upon receiving that header |
| 07:30 | <manishearth> | ah |
| 08:03 | <annevk> | Do we have any other github.io domains than Loader? |
| 08:03 | annevk | wants to enforce HTTPS for all of them now that's possible |
| 08:50 | <manishearth> | annevk: does gecko implement the fetch spec yet? or does each thing approximate it? |
| 08:51 | <manishearth> | as in, is there a hunk of code that more or less looks like the spec |
| 08:51 | <Ms2ger> | There is not |
| 08:51 | <Ms2ger> | There may well never be |
| 08:51 | <annevk> | manishearth: no, this is why service workers took a long time and such |
| 08:51 | <manishearth> | ah |
| 08:52 | <annevk> | Ms2ger: interesting, they're not convinced it's better architecture? |
| 08:52 | <annevk> | Ms2ger: or will Rust just replace all the code? |
| 08:52 | <Ms2ger> | I don't know about that |
| 08:52 | <manishearth> | yeah when I implemented XHR in servo I realized that we should switch to the fetch spec (at the time it wasn't complete) as soon as possible, since approximating it makes reasoning abut certain things hard |
| 08:52 | <annevk> | Ms2ger: so you're speculating? |
| 08:52 | <Ms2ger> | It's just a lot of code, and large rewrites are always hard |
| 08:52 | <Ms2ger> | Yes |
| 08:52 | <manishearth> | yeah |
| 08:53 | <manishearth> | we have a pretty small net stack right now so it's not hard to write the fetch thing |
| 08:54 | <Ms2ger> | And it's been pretty big for us too |
| 08:54 | <manishearth> | + <!-- If you are ever tempted to move this around, carefully consider responses from about URLs, |
| 08:54 | <manishearth> | + blob URLs, service workers, HTTP cache, HTTP network, etc. --> |
| 08:54 | <manishearth> | haha |
| 08:54 | <manishearth> | Ms2ger: right |
| 08:54 | <annevk> | It's nice that there's at least one implementation that is fairly close |
| 08:54 | <manishearth> | one outreachy intern, plus a week of work for me integrating it + chasing tests (mostly spec bugs and test bugs, yay) |
| 08:55 | <annevk> | I never quite wrapped my head around Gecko's stack, but it seems like there's a lot of disjoint pieces that sorta hold the fort together |
| 08:55 | <manishearth> | annevk: this is why I've been filing so many spec/wpt bugs lately, we implemented the spec to the letter (modulo stuff we don't support), and it turns out that the spec is wrong in a few places :) |
| 08:55 | <annevk> | And Chrome seems to have similar flaky code where it's quite easy for new features to violate the same-origin policy |
| 08:55 | <manishearth> | well, I mean it's just as easy to violate the same origin policy by adding a new feature to the fetch spec :) |
| 08:55 | <annevk> | Yeah, unfortunately all specs are pretty crappy |
| 08:56 | <annevk> | Even https://encoding.spec.whatwg.org/ which I keep thinking is done gets some rather annoying bug reports from time to time |
| 08:56 | <manishearth> | eh, it's okay. these were mostly minor edge cases, which were fortunately caught by wpt |
| 08:56 | <manishearth> | heh |
| 08:57 | <annevk> | I saw that some folks will maybe try to turn the ECMAScript specification into something that can be verified |
| 08:57 | <annevk> | If we reach that level of tooling and can start adopting that elsewhere, that would be quite nice |
| 08:57 | <annevk> | Writing standards and hoping humans will catch all the errors is just so messy |
| 09:00 | <Ms2ger> | Verifying is fucking hard, though :/ |
| 09:01 | <manishearth> | annevk: > response's url list will be typically empty at this point |
| 09:01 | <manishearth> | annevk: why? |
| 09:01 | <manishearth> | that step runs after basic fetch or http fetch |
| 09:02 | <annevk> | manishearth: because nothing has set it |
| 09:02 | <manishearth> | oh wait |
| 09:02 | <manishearth> | sorry |
| 09:02 | <manishearth> | *response*'s url list |
| 09:02 | <annevk> | 😊 |
| 09:02 | <annevk> | Ms2ger: the current state of play is too, no? |
| 09:40 | <annevk> | Domenic: happy b-day! 🎂 |
| 09:43 | <nox> | Domenic: http://upload.wikimedia.org/wikipedia/commons/thumb/0/08/Pencils_hb.jpg/440px-Pencils_hb.jpg |
| 10:13 | <manishearth> | annevk: I want privileged frames to be able to bypass CORS checks |
| 10:14 | <manishearth> | Request mode "no-cors" is enough for this? |
| 10:14 | <manishearth> | nox: ha! |
| 10:35 | <annevk> | manishearth: frames use navigate |
| 10:36 | <manishearth> | hm |
| 10:36 | <manishearth> | annevk: does it affect anything else? |
| 10:36 | <annevk> | manishearth: it's not really clear what you want |
| 10:37 | <manishearth> | annevk: I want it to work exactly like an XHR fetch from the same origin |
| 10:37 | <manishearth> | annevk: we have a toplevel privileged frame that is allowed to do some of these things |
| 10:39 | <annevk> | manishearth: I'm not sure |
| 10:39 | <annevk> | manishearth: Fetch is defined for the observable web |
| 10:39 | <annevk> | manishearth: I don't really want to provide guarantees beyond that |
| 11:21 | <nox> | manishearth: Glad someone liked it. :) |
| 13:11 | <annevk> | Domenic: there's a lot of technical debt around creating documents, geez |
| 13:12 | <Domenic> | annevk: during navigation? Or in general? |
| 13:12 | <annevk> | Domenic: and these algorithms have become quite big so it's not super easy to refactor, so I'm just doing it very slowly |
| 13:12 | <annevk> | Domenic: navigation in particular |
| 13:12 | <Domenic> | annevk: nox: thanks 😀 |
| 13:13 | <annevk> | Domenic: there might be a more general document allocation thing lurking in the background, but navigation is the one I'm trying to tackle atm |
| 13:13 | <Ms2ger> | annevk, any particular kind of chocolate you like? |
| 13:14 | <Ms2ger> | (Don't say "Swiss"...) |
| 13:14 | <jgraham> | Do say "Icelandic" |
| 13:16 | <annevk> | Ms2ger: hmm, chocolates with filling from Belgium? |
| 13:16 | <nox> | Swiss chocolate with Belgian filling. |
| 13:16 | <annevk> | jgraham: have to try those sometime |
| 13:17 | <Ms2ger> | You could say Icelandic, but then you just wouldn't be getting anything :) |
| 13:17 | <annevk> | I was trying to bring a present from the airport for someone, but the Zurich airport is somewhat disappointing; however, it has lots of chocolates of which I could bring some next week |
| 13:18 | <annevk> | Organize a little competition 😛 |
| 13:18 | <nox> | Ms2ger: Not in #servo anymore, is that normal? |
| 13:18 | <Ms2ger> | Hrm, I just realized I might not be able to get chocolate before leaving... |
| 13:18 | <Ms2ger> | We'll see |
| 13:20 | <jgraham> | Ms2ger: If only London had chocolate shops… |
| 13:21 | <Ms2ger> | jgraham, pah |
| 13:22 | <jgraham> | (oblig. hint: http://sourcedmarket.com/ stocks chocolate from http://cocoarunners.com/. Although not filled chocolates iirc. But for that there's e.g. https://www.rococochocolates.com/ and many others) |
| 13:22 | <jgraham> | (both are in Marylebone) |
| 13:23 | <annevk> | jgraham: ah, you can give us the tour |
| 14:21 | <wanderview> | annevk: is SRI integrity supported on anything other than HTTP? |
| 14:31 | <annevk> | wanderview: I think it works for blob URLs and such |
| 14:31 | <annevk> | wanderview: can you get to https://github.com/whatwg/fetch/pull/322 today? |
| 14:31 | <wanderview> | ok... yea... in this case I guess the constraining thing is we only intercept http URLs |
| 14:31 | <annevk> | wanderview: well, that's not really needed, but an ETA would be nice |
| 14:33 | <wanderview> | annevk: looking |
| 14:42 | <wanderview> | annevk: done |
| 14:44 | <annevk> | ta |
| 15:20 | <annevk> | What invokes https://html.spec.whatwg.org/multipage/browsers.html#scroll-to-fragid exactly? That first paragraph and its steps seems completely standalone? |
| 15:21 | <Ms2ger> | Not sure |
| 15:22 | <Domenic> | looks like it's meant to be invoked by navigation... |
| 15:22 | <Domenic> | > Fragments: If this is not a reload-triggered navigation, resource's URL equals browsingContext's active document's URL with exclude fragments flag set, and resource's URL's fragment is non-null, then navigate to that fragment and abort these steps. |
| 15:22 | <Ms2ger> | Yeah, just found that too |
| 15:22 | <Domenic> | Confusing since the <dfn> is inside the heading, not the phrase |
| 15:26 | <annevk> | I see |
| 15:26 | <annevk> | So much still to test |
| 21:01 | <zcorpan> | https://twitter.com/zcorpan/status/740653950899216384 15 mins left |
| 21:05 | <Domenic> | i am really curious about that one |
| 21:18 | <wanderview> | Domenic: why does streams 3.10.5.2 [[Pull]] create a Record with [[ctor]] %Uint8Array% instead of just constructing a Uint8Array? |
| 21:19 | <wanderview> | Domenic: oh... I guess that is used to construct the thing later... sorry for my confusion |
| 21:21 | <zcorpan> | Domenic: answer posted |
| 21:48 | <gsnedders> | is <p><table> not another Acid2 quirk? |
