[ServiceWorker] self.caches should spec what to do for "untrusted" origins (#687) from Ben Kelly on 2015-04-24 (public-webapps-github@w3.org from April 2015)

From: Ben Kelly <notifications@github.com>
Date: Fri, 24 Apr 2015 13:20:42 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/687@github.com>

Currently `self.caches` is spec'd to always return a CacheStorage object.  Clearly, there are cases where this should not be done.  For example, in a context with a synthetic origin such as a sandboxed iframe or data URI worker.  The spec does not say what to do in these cases.

The web-platform-tests from blink show that the blink implementation throws SecurityError in this case.  That seems reasonable.

I believe @ehsan would prefer we just hide the `self.caches` property in these cases.

Thoughts?

@jakearchibald @slightlyoff @jungkees @annevk 

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/687

Received on Friday, 24 April 2015 20:21:09 UTC