Skip to content

How it works

Jump to bottom
Jimmy Wärting edited this page Apr 22, 2019 · 1 revision

HOW IT WORKS:

  1. Create a writable stream and hand it over to the user
    • If in in a secure context open mitm.html in a hidden iframe amd wait for onload event. (this iframe will be reused for more further downloads)
    • If not in a secure context Open a cross origin popup and wait for a message event. at the same time, if the stream is not transferable open another hidden mitm iframe and instruct it to just create a WebWorker. PS: best to do this durning user interaction to avoid popup blocker if you are using a insecure context, in secure context it don't matther.
  3. mitm.html installs the service worker (sw.js) and waits for any postMessage with a MessageChannel that it will forward to the sw.js
  4. nothing...
  5. StreamSaver sends a new MessageChannel + a url friendly download url path that will be prefixed with the origin by mitm.html along with some response headers and wheter or not the stream is going to be transferable. and whether or not mitm.html should start a WebWorker, this will be true for iframed mitm and non-transferable streams
  6. If the mitm.html is instructed to create a WebWorker it will do so, so that sw.js will be able to comunicate back and forth to try and keep the sw.js alive.
  7. mitm.html forwards the message to the sw.js
  8. if sw.js is instructed to communicate with WebWorkers it will lookup all WebWorker and let the worker know it should ping the sw.js to keep it alive
  9. Service worker register a handler for the download path. and waits for it to be requested.
  10. Service worker sends back a download url to the message channel port telling streamsaver that the handler have been registed and it can now be requested. and what the absolute url is that it should request.
    • if StreamSaver is in a secure context it will then create a hidden iframe to request the download url.
    • if not closes the mitm popup and waits for 2048 bytes to have been written to the stream. Or it has been been flusshed before continuing so that the saveAs dialog gets triggerd. This is to prevent any further scripting beeing stopped when navigating to the download url. (scripts will be resumed as soon as browser knows it's a download) reason why we will do location.href = downlaodUrl is cuz a popup and click on a download link will be blocked by non user interaction. + they are anoying. And a Service Worker don't listen to any fetch event on webpages that has the isSecureContext = false
Clone this wiki locally