Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate Fetch and "AppCache" or remove "AppCache" #151

Closed
annevk opened this issue Sep 16, 2015 · 18 comments · Fixed by #6153
Closed

Integrate Fetch and "AppCache" or remove "AppCache" #151

annevk opened this issue Sep 16, 2015 · 18 comments · Fixed by #6153

Comments

@annevk
Copy link
Member

annevk commented Sep 16, 2015

The fix for #95 leaves "AppCache" slightly broken based on the expectation that it will be removed. If removing "AppCache" is no longer likely a year and a bit from now we should reevaluate and consider defining "AppCache" properly in terms of Fetch. (And move parts of the processing model into Fetch, most likely.)

@wanderview
Copy link
Member

Should we mark it deprecated? I believe both Firefox and Chrome have intentions to remove it in the future.

In the meantime, it would be nice to at least spec that appcache is disabled when the page is being controlled by a service worker handling FetchEvent.

@annevk
Copy link
Member Author

annevk commented Sep 16, 2015

It's already marked deprecated. The other issue is https://www.w3.org/Bugs/Public/show_bug.cgi?id=27482 which @jungkees will provide a PR for at some point.

@wanderview
Copy link
Member

Ok, sorry for my confusion.

annevk added a commit that referenced this issue Sep 17, 2015
This is not a perfect rewrite, but provides a much more solid basis for implementations and future work. Follow up fixes will be needed to create a more uniform whole. (See #151, #156, and #158.)

PR: #144

Fixes:

* https://www.w3.org/Bugs/Public/show_bug.cgi?id=24080
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=24613
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=24659
* #95
* #106
* #140
annevk added a commit that referenced this issue Sep 17, 2015
This is not a perfect rewrite, but provides a much more solid basis for implementations and future work. Follow up fixes will be needed to create a more uniform whole. (See #151, #156, and #158.)

Fixes:

* https://www.w3.org/Bugs/Public/show_bug.cgi?id=24080
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=24613
* https://www.w3.org/Bugs/Public/show_bug.cgi?id=24659
* #95
* #106
* #140
@jakearchibald
Copy link
Contributor

F2F: Chrome really needs to drop appcache for HTTP (as do other browsers, as it's a security risk). Then we can start phasing it out further when other browsers ship service worker.

We really hope we can drop this before we have (well, @annevk has) to do a ton of spec work about it.

@jakearchibald
Copy link
Contributor

Thought from @wanderview: Browsers could display "This site may be compromised" on appcache over HTTP.

@jakearchibald
Copy link
Contributor

…although the above may result in the user just using another browser which doesn't show such scary warnings.

@brucelawson
Copy link

brucelawson commented Apr 4, 2017 via email

@jakearchibald
Copy link
Contributor

I think we should aim to. Appcache represents a huge security hole on HTTP, and isn't doing what most authors expect. It's near impossible to make a mostly-textual site work offline with appcache.

I'm not against a high-level API for common cases, but a library should guide the way.

@domenic
Copy link
Member

domenic commented Mar 29, 2019

Note that https://www.w3.org/Bugs/Public/show_bug.cgi?id=28009 has a bit more details on the security hole that AppCache provides.

@chris-morgan
Copy link

We just had a security hole pointed out on a user content domain that only exists because of AppCache, especially in Chromium with its CHROMIUM-INTERCEPT feature. This whole AppCache thing was supposed to be an optional enhancement, and it’s long obsolete, and everyone supports Service Workers for at least a year and a half now; so any chance of stirring up discussion towards killing it outright at last?

@annevk
Copy link
Member Author

annevk commented Oct 25, 2019

Yes, I expect we're able to remove it from the specification somewhere in the first half of 2020, after Chrome and Firefox unship it successfully. (Thanks to @jonathanKingston for starting that whole initiative up again recently!)

@chris-morgan
Copy link

I went searching more carefully for bugs tracking removing it:

Not being inside the community, this information may very well be incomplete or incorrect.

@rniwa
Copy link

rniwa commented Oct 28, 2019

I know for a fact certain usage of AppCache would require WebKit to continue to support AppCache towards the end of 2020. Also, WKWebView clients on iOS only support app cache, and not service workers.

@wanderview
Copy link
Member

The latest plan for appcache in chromium is here:

https://groups.google.com/a/chromium.org/d/msg/blink-dev/FvM-qo7BfkI/AvxoE6JpBgAJ

@annevk
Copy link
Member Author

annevk commented Apr 17, 2020

At the moment it looks like the beginning of June will see AppCache removed in Firefox 77 and the AppCache API will continue to exist but no-op.

Does Chrome have an updated plan?

@TimothyGu
Copy link
Member

TimothyGu commented Apr 17, 2020

Here’s the latest in Chromium: https://groups.google.com/a/chromium.org/d/msgid/blink-api-owners-discuss/CA%2B1_fV8fagVuFk%2B_Pb-TGzWyQAVj6A3vwcgjvG6GgLFm6DqTMQ%40mail.gmail.com

In essence: reverse origin trial ASAP, and target removal of AppCache for websites without origin trial for M85 (which goes stable in August).

@domenic
Copy link
Member

domenic commented Aug 6, 2020

We're about one release away from AppCache being removed in both Firefox and Chrome. It might be time to rip it out from the spec.

Anyway, I stopped by to note that the "ready for post-load tasks" flag is almost entirely used by AppCache. print() is another consumer, but probably that could use "completely loaded" instead. We should probably investigate something analogous to #5796 once AppCache is gone.

annevk added a commit that referenced this issue Nov 17, 2020
This removes the manifest attribute on the html element, the text/cache-manifest format, the integration of application caches with navigation, the monkey patching of what is now Fetch, and the window.applicationCache API.

Closes #151 and closes #5505.
@annevk annevk mentioned this issue Nov 17, 2020
6 tasks
@annevk
Copy link
Member Author

annevk commented Nov 17, 2020

I created #6153 as I'm relatively confident at this point that Chrome and Firefox will succeed in removal.

annevk added a commit that referenced this issue Nov 30, 2020
This removes the manifest attribute on the html element, the text/cache-manifest format, the integration of application caches with navigation, the monkey patching of what is now Fetch, and the window.applicationCache API.

Closes #151 and closes #5505.
annevk added a commit that referenced this issue Dec 1, 2020
This removes the manifest attribute on the html element, the text/cache-manifest format, the integration of application caches with navigation, the monkey patching of what is now Fetch, and the window.applicationCache API.

Closes #151 and closes #5505.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging a pull request may close this issue.

8 participants