- From: Daniel Huigens <notifications@github.com>
- Date: Mon, 16 Oct 2017 07:21:09 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/1208@github.com>
[I also [posted about this](https://lists.w3.org/Archives/Public/public-webapps/2017JulSep/0052.html) on the mailing list, but I didn't receive any replies and I feel that this is important. Sorry if it comes across as spam.] It would be nice if it were possible to reliably make a request from the `updatefound` event. Currently, if the new Service Worker calls `skipWaiting()`, the old Service Worker gets killed and its request canceled in both Chrome and Firefox, with no way to avoid it, because `updatefound` is not an `ExtendableEvent`. Why? I'm trying to use Service Workers to solve the [quite old and fundamental problem](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/) that on the web, you can't make applications that don't trust the server (and e.g. use client-side encryption) because the server sends you the code every time you open it. Basically, with Service Workers, I'm serving the code from SW cache instead, and only updating it if it matches some public log (in my case GitHub), in effect achieving some form of [Binary Transparency](https://wiki.mozilla.org/Security/Binary_Transparency) on the web. But, of course, the SW can update at any time. So, to make it secure, we need to check the new SW against GitHub as well, in the `updatefound` event, and warn the user if it doesn't match. (Of course, we can't prevent the update, but we can at least try to convince the user to close the web app before it steals their private keys.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1208
Received on Monday, 16 October 2017 14:21:33 UTC