- From: Emily Stark <notifications@github.com>
- Date: Thu, 11 May 2017 10:42:31 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 11 May 2017 17:43:03 UTC
I believe the URL string comparison is only safe because http/https URLs serialize with a trailing slash. If it weren't for the trailing slash, one URL could be a prefix-match for another non-same-origin URL. Relying on the trailing slash serialization seems extremely fragile and non-obvious to me, which is why I suggested adding an assertion that the matched URL is same-origin. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1118#issuecomment-300864187
Received on Thursday, 11 May 2017 17:43:03 UTC