- From: Jungkee Song <notifications@github.com>
- Date: Mon, 30 Nov 2015 18:42:32 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Tuesday, 1 December 2015 02:43:05 UTC
`clients.get(id)`, `clients.matchAll()`, `clients.claim()` can still deal with the non-secure context clients, e.g., the iframes running on the same origin with the service worker but embedded in an http top frame. Those clients should be filtered out, and the above APIs are exactly where that happens. Re client's id, fetch events for a non-secure client is also filtered out in Handle Fetch, but a non-secure client's id can still be exposed if we don't filter it out in `matchAll()`, etc. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/791#issuecomment-160830715
Received on Tuesday, 1 December 2015 02:43:05 UTC