background-fetch icon indicating copy to clipboard operation
background-fetch copied to clipboard

Published 20 hours ago verified publisher icon WICG

Malicious usage of the background-fetch API

Open koresar opened this issue 7 years ago • 2 comments

Excuse me bringing that in. Probably this topic is well thought through, but I couldn't find anything related in this repository.

If I wanted to abuse the background-fetch I'd do the following:

  1. When someone visits my website I would
  2. install a service worker and
  3. start a dozen (or just one) of small file downloads (uploads?).
  4. On the server side I'd abort the stream in the middle.
  5. That would trigger backgroundfetchfail in the browser, then
  6. I'd do my malicious actions (work as a bot in the DDOS botnet?) and
  7. (re)start another file download. GoTo # 4.

What am I missing?

koresar avatar Mar 28 '17 03:03 koresar

I think this hole background fetch is unnecessary. It was already possible before it got a hard timeout on the service worker lifespan. You blocked it and now you introduce a new solution to the problem that is just another way of going around the problem. Some services has a perfectly valid reason to run a service worker for a longer period of time.

If this would be possible then i think the timeout on service worker should be lifted.

I think it should be done a better way informing user of malicious usage instead of removing the possibility to have a long running script that actually dose what the user want it to do maybe ask for permission, show a warning of long running or CPU/Memory intensive scripts. encourage or give the user the possibility to stop them without automatically doing so

In my case I think as long as the website with the same scope has a MessageChannel shared with the service worker it would be wrong to terminate the service worker

jimmywarting avatar Jun 09 '17 09:06 jimmywarting

What am I missing?

The background fetch will be very user visible and cancelable. But you're right we need to ensure that the SW can't simply restart another background fetch in response to that.

In my case I think as long as the website with the same scope has a MessageChannel shared with the service worker it would be wrong to terminate the service worker

This usecase is already handled by shared workers.

jakearchibald avatar Jun 09 '17 10:06 jakearchibald