[ServiceWorker] Security consideration about the `cache` parameter of `Request` (#585) from Takeshi Yoshino on 2014-12-10 (public-webapps-github@w3.org from December 2014)

From: Takeshi Yoshino <notifications@github.com>
Date: Wed, 10 Dec 2014 01:08:30 -0800
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/585@github.com>

(Copied from https://github.com/slightlyoff/ServiceWorker/issues/398#issuecomment-66421199)

We should start reviewing each parameter carefully from security point of view.

I'm concerned that fetch() with the cache parameter set to e.g. the only-if-cached option may cause privacy leak. Like CSS :visited (http://dbaron.org/mozilla/visited-privacy), could it be abused to probe if a certain site was visited by the user?

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/585

Received on Wednesday, 10 December 2014 09:08:56 UTC