domenic
commented
3 months ago The explainer was not sufficiently clear here. Likely implementations will not want to cancel the actual download. But, from the page's perspective, the download should appear to have failed: i.e., ai.assistant.create() will basically-immediately return a rejected promise, and no further downloadprogress events will be fired.
The web developer might still notice that the initial portion of the download is "very fast" on subsequent create() calls. But that's fine.
I will work on an explainer update to make this clearer.
Reading through the explainer, I noticed that the current proposal is for the session destruction to cancel ongoing downloads https://github.com/explainers-by-googlers/prompt-api#session-destruction.
I want to call out that, this poses a risk of denial-of-service attack against services serving the model, where a malicious page can start the session creation, monitor until download is almost complete - cancel and start over. While a normal page could do this with a fetch request, in this case the cost of serving the model is borne by the browser vendor hence is an easier target than if the page had to host the content itself.
I don't believe the current chromium implementation aborts the download on session destruction, should this line be replaced in the explainer to say that session destruction will not cancel ongoing downloads of the model?