- From: Jonas Sicking <notifications@github.com>
- Date: Wed, 17 Feb 2016 18:58:22 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Thursday, 18 February 2016 02:58:45 UTC
Foreign fetch doesn't cause requests to be sent directly to the host though. It only allows triggering function calls in the service worker. But yes, a registered serviceworker could use the foreignfetch API to route requests to the server. These requests could both contain cookies and perform other dangerous actions. The same thing could be done by a HTML file opened in an `<iframe>`. However it seems much less likely that someone will set up such a service worker, or such an HTML file, by accident and not realize what it does. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/210#issuecomment-185520424
Received on Thursday, 18 February 2016 02:58:45 UTC