compressstream-explainer icon indicating copy to clipboard operation
compressstream-explainer copied to clipboard

Published 20 hours ago verified publisher icon ricea

Check "gzip" checksum?

Open ricea opened this issue 6 years ago • 2 comments
trafficstars

Feedback from the Web Performance group at TPAC 2019 indicated that browsers will typically accept gzip input with incorrect checksums. We need to decide what the behaviour will be for DecompressionStream.

ricea avatar Sep 16 '19 05:09 ricea

GZip uses two checksums, a CRC-32 for the header, and one for the full file in its footer. If the header checksum is incorrect, this can be determined before any of the "body" bytes are returned, but if the footer checksum is incorrect, the streamed data probably has already been consumed by the reader before the mismatch is discovered.

ZLib Deflate uses includes an ADLER32 checksum in the footer.

ericlaw1979 avatar Sep 16 '19 07:09 ericlaw1979

I decided to verify the checksums by default, and possibly add a "power user" option to turn them off. As you say, the data will most likely have already been consumed by the time the error is detected, but it does at least alert the coder to the possibility of data loss.

ricea avatar Nov 25 '19 04:11 ricea