Re: [w3c/ServiceWorker] Feature request: Provide a way to delay execution of a new service worker (#1208)

Thanks, I hadn't seen those. The use case in https://github.com/w3c/ServiceWorker/issues/822#issuecomment-224193401 is basically the same as mine, namely, 1) a web app that handles potentially sensitive user data and doesn't send it to the server, or only does so after encryption, and 2) wants to verify that all updates to the web app are authenticated. Together, those things move the web app from "trust the server every time you open it" to trust-on-first-use.

The only thing that differs is what happens when an update is not authenticated:

1. With #822, the update wouldn't happen. That's the most fool-proof, but it allows developers to shoot themselves in the foot and render their web app broken.
2. In my proposal what would happen is, we show the user a big fat warning and try to convince them not to refresh the page.
3. Another idea is to add some "Do you want to update this web app? [Keep this version] [Update]" UI to the browser.

One issue to consider is, what happens if there is no open/visible client of the Service Worker? That can happen if a third-party origin loads the web app in an iframe (and either hides it, or the web app responds with `X-Frame-Options: deny`). It can also happen when the SW receives a push event, although that can be prevented ahead of time by... not registering for push events. It might be an issue for, say, encrypted chat apps though.

One option, if we go with option 2 above, is to request permission for Web Notifications ahead of time. Then, we can always warn the user in the `updatefound` event. However, it's probably unwise to rely on users to grant that permission for security warnings. Another option is to not update the Service Worker if the web app responds with `X-Frame-Options: deny` (related [Chrome](https://bugs.chromium.org/p/chromium/issues/detail?id=773307) and [Firefox](https://bugzilla.mozilla.org/show_bug.cgi?id=1409007) bugs).

Similarly, with option 3 above, we could default to not updating if there is no open client.

-- 
https://github.com/w3c/ServiceWorker/issues/1208#issuecomment-341866051

Received on Saturday, 4 November 2017 02:38:02 UTC