You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Regarding the unregister on 4xx response, I think that it is important to have that, an error core (4xx or 5xx) should trigger an unregister to avoid zombie WebAppSec doing slow DDoS (if triggered by enough clients), so unregistering on errors mitigate that issue.
The text was updated successfully, but these errors were encountered:
We discussed this for service worker, and although it divided people, large scale sites said they'd likely lose data with a rule like this in place w3c/ServiceWorker#204 (comment)
Another way to address this problem is to allow app code to determine future behavior given a response. For instance, if we get a 500 from the server, we may want to say, "don't try this request again for at least 8 hours." As an owner of a large site, we definitely want to avoid DDoS, but we also can't afford to just drop requests if there's a server error, which can intermittently happen.
Creating this to track feedback from TAG review (w3ctag/design-reviews#367):
Regarding the unregister on 4xx response, I think that it is important to have that, an error core (4xx or 5xx) should trigger an unregister to avoid zombie WebAppSec doing slow DDoS (if triggered by enough clients), so unregistering on errors mitigate that issue.
The text was updated successfully, but these errors were encountered: