Re: [ServiceWorker] self.caches should spec what to do for "untrusted" origins (#687) from Jungkee Song on 2015-04-30 (public-webapps-github@w3.org from April 2015)

From: Jungkee Song <notifications@github.com>
Date: Wed, 29 Apr 2015 18:23:42 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/687/97628227@github.com>

So I think the way to go is like rejecting with a SecurityError exception when the service worker client's origin is a synthetic origin like a sandboxed iframe or data URI worker.

I'm thinking of adding this step:
If the incumbent settings object's origin is not a scheme/host/port tuple, then return a promise rejected with a SecurityError exception.

Do we have any better reference concept that better grabs "untrusted" origins for this case?
/cc @annevk @mikewest

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/687#issuecomment-97628227

Received on Thursday, 30 April 2015 01:24:08 UTC