- From: Daniel Huigens <notifications@github.com>
- Date: Thu, 18 Jan 2018 07:56:40 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 18 January 2018 15:57:04 UTC
[From [https://bugzilla.mozilla.org/show_bug.cgi?id=1430999](https://bugzilla.mozilla.org/show_bug.cgi?id=1430999)] The reason I'd like this restriction to stay is the following: I'm trying to implement code signing of web applications using Service Workers. Basically, the SW checks all responses from the server, and also the new SW file when an `updatefound` event is fired. Under this security model, when the new SW runs, it is *not yet trusted* (until the old SW asynchronously checks it) and shouldn't be allowed to navigate the client. I know this is not the kind of thing the SW spec was designed for, but the spec does actually fit this use case if implemented carefully, and I'd be really grateful if it stayed thusly — I think it's a relatively important use case. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1254#issuecomment-358690578
Received on Thursday, 18 January 2018 15:57:04 UTC