Open mugdhalakhani opened 3 years ago
jakearchibald
commented
3 years ago We discussed this for service worker, and although it divided people, large scale sites said they'd likely lose data with a rule like this in place https://github.com/w3c/ServiceWorker/issues/204#issuecomment-342658175
asakusuma
commented
3 years ago Another way to address this problem is to allow app code to determine future behavior given a response. For instance, if we get a 500 from the server, we may want to say, "don't try this request again for at least 8 hours." As an owner of a large site, we definitely want to avoid DDoS, but we also can't afford to just drop requests if there's a server error, which can intermittently happen.
Creating this to track feedback from TAG review (https://github.com/w3ctag/design-reviews/issues/367):
Regarding the unregister on 4xx response, I think that it is important to have that, an error core (4xx or 5xx) should trigger an unregister to avoid zombie WebAppSec doing slow DDoS (if triggered by enough clients), so unregistering on errors mitigate that issue.