Contact emails
hark...@chromium.org, aw...@chromium.org, jakear...@chromium.org, pe...@chromium.org
Spec
https://github.com/jakearchibald/background-fetch
Summary
Background Fetch API provides a service worker based download and upload mechanism which is persistent across service worker and browser restarts.
The system should provide a developer-controllable interface to schedule, query, pause, and cancel background downloads and uploads. After a scheduled fetch completes, the system will notify the developer of the outcome of the operation by sending an event to the service worker.
In progress downloads and uploads will be handled by the download manager and will be visible to users in a notification. The user will be able to pause and cancel actions from that interface.
Downloads and uploads should continue even if the developer's website is not loaded in a tab, and if Chrome is closed, the download should resume when Chrome opens again.
Motivation
If a developer wants to download a file, they can initiate the download or upload via fetch or XHR, but those fetches will be canceled if the user navigates away from the tab or the service worker is shut down. Many developers have larger fetches that are needed for applications such as audio, video, photos, game levels, map packs, etc. which can’t be reliably fetched in the time available to a tab or service worker.
This API gives those developers the ability to queue up a fetch and then be evicted from memory without losing progress on the action. The fetch will continue while the app is not resident, and when the fetch is complete the service worker will be woken up and the app will be able to process the result.
Interoperability and Compatibility Risk
Standards discussion has already begun with web developers in the spec linked above. Additionally, we plan to release the feature using Origin Trials to get additional feedback before launching.
Edge: No signals
Firefox: No signals
Safari: No signals
Web developers: Positive
Ongoing technical constraints
None
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes, except WebView. Investigations are pending as to whether it is applicable in WebView. We expect that mobile platforms will be the primary users.
OWP launch tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=684578
Link to entry on the feature dashboard
https://www.chromestatus.com/features/5712608971718656
Requesting approval to ship?
No.
On Tuesday, January 24, 2017 at 10:12:47 AM UTC-8, Jennifer wrote:
Consider a hypothetical scenario of a large download being initiated, handed off to the OS (as captured in the explainer), and the user pauses the download. Later, they attempt to resume (by issuing a range request to the server). What happens if the server doesn't support range requests? What happens if the server issues a redirect - does the OS handle it, or does the SW? If the OS handles it, does it observe any CORS behaviours with respect to that redirect?
Firefox: No signals
In the initial implementation Chrome will handle the download.
In future it could be handed off to a smaller browser process, or OS, as long as it's spec compliant. I want the spec to allow for optimisations like this.
Range requests are a bigger issue, as they aren't covered by HTML specs at all. I've done a little work around this (https://github.com/w3c/ServiceWorker/issues/703 & https://github.com/whatwg/fetch/issues/144) but there's a much bigger task around defining the kind of ranged-responses that are acceptable to particular ranged-requests, and when ranged-requests can be made.
There are a handful of things that likely just need a bit of clarification in the spec:
What happens with downloads initiated from incognito mode? Should they terminate immediately once the incognito session is over?
The spec doesn’t mention credentials. It appears that backgroundFetch.fetch() needs to be called on a request object that has been set up beforehand. I can imagine that an implementation would likely punt the request to an external downloading process that is longer-lived than the browser itself.
On the desktop, does the download stop if the user closes the notification? As spec’d, it shouldn’t be possible to close the notification and have the download persist in the background.
What happens if you clear browsing data while a download is in progress?
How is the user aware of ongoing downloads on a mobile browser?
What’s the scope of a “tag”? (Per-origin? What about protocol scheme?) I would expect the tag mechanism to obey the SOP.
Is CORS respected?
Assuming XSS on a domain, an attacker could queue up downloading that happens on behalf of the victim domain, in the background, even after the user has closed the browser. Though if UI is always shown then this is probably not all that interesting.
What happens with downloads initiated from incognito mode? Should they terminate immediately once the incognito session is over?
The spec doesn’t mention credentials. It appears that backgroundFetch.fetch() needs to be called on a request object that has been set up beforehand. I can imagine that an implementation would likely punt the request to an external downloading process that is longer-lived than the browser itself.
On the desktop, does the download stop if the user closes the notification? As spec’d, it shouldn’t be possible to close the notification and have the download persist in the background.
What happens if you clear browsing data while a download is in progress?
How is the user aware of ongoing downloads on a mobile browser?
What’s the scope of a “tag”? (Per-origin? What about protocol scheme?) I would expect the tag mechanism to obey the SOP.
Is CORS respected?
- Is this mechanism regulated appropriately by CSP? (E.g.: connect-src)
Yes, I've been a bit lazy there. I'm aiming to do this and a second-pass on the explainer (incorporating feedback) next week.