| 07:43 | <Jake Archibald> | annevk: is it worth making a rule somewhere that UI related events must happen before the next render? Or at the very least, it shouldn't be a race condition |
| 07:48 | <annevk> | jub0bs: how would your Bearer example ever end up as authentication entry? |
| 07:49 | <annevk> | Jake Archibald: probably, though should get wider input on these toggle cases first |
| 08:36 | <annevk> | dlrobertson: I discovered the blob range tests are all wrong, working on a patch |
| 12:21 | <dlrobertson> | dlrobertson: I discovered the blob range tests are all wrong, working on a patch |
| 12:22 | <dlrobertson> | Is this in addition to web-platform-tests/wpt#39078? |
| 12:25 | <annevk> | dlrobertson: no that's all, "all" was an overstatement |
| 12:27 | <annevk> | dlrobertson: trying to get you reviewer status over in #wpt:matrix.org |
| 12:28 | <dlrobertson> | I'm not sure why I put the HTTP whitespace examples in the unsupported blob range section |
| 12:28 | <dlrobertson> | I think I added those after we found out those were okay |
| 12:29 | <dlrobertson> | Good catch and thanks for the fix! |
| 15:47 | <smaug> | annevk: how is ORB supposed to work with CORP? The pr does ORB check before CORP. |
| 15:51 | <annevk> | smaug: there's some discussion about allowing CORP to bypass it at the end of https://github.com/annevk/orb/issues/3 |
| 15:51 | <smaug> | aha |
| 15:51 | <smaug> | just noticed that some requests Google docs does are blocked by ORB because of this |
| 16:10 | <annevk> | smaug: interesting, how would they have been able to use these responses? The CORP thing was mainly considered for future formats |
| 16:16 | <smaug> | oh, hmm, is this a beacon |
| 16:17 | <annevk> | smaug: ah okay, for those the response is ignorable anyway, could even decide to not let the website process know about those and save some CPU cost |
| 16:19 | <smaug> | yeah |
| 16:26 | <smaug> | GMaps has some 204 responses, also with cross-origin-resource-policy: cross-origin, and those "fail" because or ORB |
| 16:58 | <annevk> | smaug: that might be a real problem; I guess we need to safelist 204 |
| 16:58 | <annevk> | smaug: I wonder if we should still try to validate something about the body, perhaps that it doesn't have one |
| 16:59 | <smaug> | annevk: actually, this case was then from csp-report, again something where response isn't interesting |
| 17:00 | <annevk> | smaug: also, it seems that ORB happens post-cache, so 204 should have been transformed into a 200 already |
| 17:00 | <smaug> | But about CORP, I think it is very surprising that CORP: cross-origin doesn't bypass ORB |
| 17:02 | <annevk> | smaug: I could see it as some kind of perf improvement or indeed for new formats, but other than that it seems like it would make mistakes easier |