Re: [ServiceWorker] Should window.caches be removed (or readonly) for security reasons? (#698) from manuelmitasch on 2015-05-28 (public-webapps-github@w3.org from May 2015)

From: manuelmitasch <notifications@github.com>
Date: Thu, 28 May 2015 12:29:20 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/698/106573556@github.com>

> Confining access to service workers is not a defense mechanism. Anything that works there should go on window as well, and vice versa.

Why not? The context of the page is not safe. The context of the service worker should be safe (HTTPS-only; only explicit message passing).

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/698#issuecomment-106573556

Received on Thursday, 28 May 2015 19:29:46 UTC