On Tue, Nov 18, 2014 at 1:45 PM, Domenic Denicola <d...@domenic.me> wrote:
> From: Takeshi Yoshino [mailto:tyosh...@google.com] > > > On Tue, Nov 18, 2014 at 12:11 AM, Anne van Kesteren <ann...@annevk.nl> > wrote: > >> On Mon, Nov 17, 2014 at 3:50 PM, Domenic Denicola <d...@domenic.me> wrote: > >>> What do we think of that kind of behavior for fetch requests? > > > >> I'm not sure we want to give a potential hostile piece of script that > much control over what goes out. Being able to lie about Content-Length > would be a new feature that does not really seem desirable. Streaming > should probably imply chunked given that. > > > > Agreed. > > That would be very sad. There are many servers that will not accept > chunked upload (for example Amazon S3). This would mean web apps would be > unable to do streaming upload to such servers. > Hmm, is this kinda protection against DoS? It seems S3 SigV4 accepts chunked but still requires a custom-header indicating the final size. This may imply that even if sending with chunked T-E becomes popular with the Fetch API they won't accept such requests without length info in advance.
