AppCache: Cross-origin resource size padding

For quota accounting purposes, the size of cross-origin AppCache resources will be padded. Cross-origin resources are resources whose origin differs from the manifest's origin. The size padding will be a random number, uniformly distributed between 0 and about 14MB. Quota accounting purposes include the size reported by the Quota API and quota enforcement (an origin's storage API calls are blocked when the origin exceeds its quota).

AppCache can be used in conjunction with the Quota API to learn the size of cross-origin resources. This has the same implications as the Cache Storage + Quota API attack described in the HEIST paper in USENIX 2016.

Comments

The rationale behind considering all cross-origin resources opaque is documented at https://docs.google.com/document/d/1eNU9HpSl4PBxmEfyoAJpgsKbiugC1wOscchcA2U8KHM/

Documentation

• https://tom.vg/papers/request_and_conquer_usenix2016.pdf
• https://tom.vg/2016/08/request-and-conquer/

Specification

No public standards discussion

Status in Chromium

Blink components: Blink>Storage>AppCache

Enabled by default (tracking bug) in:

• Chrome for desktop release 75
• Chrome for Android release 75
• Android WebView release 75

Consensus & Standardization

• Firefox: No public signals
• Edge: No public signals
• Safari: No public signals
• Web Developers: No signals

Owners

• staphany@chromium.org
• mek@chromium.org

Last updated on 2019-04-23