fetch icon indicating copy to clipboard operation
fetch copied to clipboard

Published 20 hours ago verified publisher icon whatwg

redirect doesn't cancel or consume current response

Open ronag opened this issue 2 years ago • 9 comments

Even though a server shouldn't send a body with a redirect response, it is still possible. The way the spec is defined we have a deadlock here if the connection is re-used where the redirect response body is waiting to be consumed but we discard the reference and start a new request (mainFetch). We should probably consume/cancel/abort current response body before calling mainFetch again.

We avoid the same issue with 427 by setting forceNewConnection in httpNetworkOrCacheFetch.

ronag avatar Aug 10 '21 21:08 ronag

I'm not sure how much we want to say about this, though perhaps we should add some wording. A lot of this depends on the HTTP version.

annevk avatar Aug 11 '21 07:08 annevk

I think you want to cancel/end/abort the response stream in some way regardless of http version? Maybe just write "cancel response stream" and leave what that means as an implementation detail?

ronag avatar Aug 11 '21 07:08 ronag

Step 8 of https://fetch.spec.whatwg.org/#http-fetch does something like that. #637 is about making that version-agnostic.

This request is slightly different I suppose in that you are asking for mandatory behavior which is not unreasonable. We'd need everyone to agree on what that behavior should be though.

annevk avatar Aug 11 '21 07:08 annevk

Ah, you mean:

If actualResponse’s status is not 303, request’s body is not null, and the connection uses HTTP/2, then user agents may, and are even encouraged to, transmit an RST_STREAM frame.

Not sure why the "status is not 303" pre-condition exists? A 303 response may also contain a body if the server doesn't follow spec.

ronag avatar Aug 11 '21 07:08 ronag

In terms of "needs implementer interest" I can add Node to that list. I'm working on implementing fetch for nodejs through https://github.com/nodejs/undici.

ronag avatar Aug 11 '21 14:08 ronag

The WHATWG working mode is about implementing specs in browser engines, so we need multiple browser engines interested in such a thing.

domenic avatar Aug 11 '21 14:08 domenic

I see. Was hoping Node could be included in the list as an "engine". I assume then that WHATWG has limited (if any) involvement in Node.

ronag avatar Aug 11 '21 14:08 ronag

Yeah, you can learn more about the WHATWG here: https://whatwg.org/faq#what-is-the-whatwg

domenic avatar Aug 11 '21 14:08 domenic

Likewise the 407 case does not cleanup the active response.

ronag avatar Aug 11 '21 15:08 ronag