Service Worker 中的范围请求

https://jakearchibald.com/2018/i-discovered-a-browser-bug/

现在已经修复

媒体元素使用范围请求，当通过 sw 时，被标记为 no-cors 请求，并把 Range 请求头移除

为什么要删除没有明确的规范

However, media elements piece multiple responses together and treat it as a single resource, and that opens up an interesting attack vector: Can known data be mixed with unknown data to reveal the content of the unknown data?

Firefox 允许重定向后把不同源的内容组合在一起，能看到未知资源的长度。

https://bugzilla.mozilla.org/show_bug.cgi?id=1441153

https://bugzilla.mozilla.org/show_bug.cgi?id=1465074