- From: Michael van Ouwerkerk <notifications@github.com>
- Date: Tue, 13 Jan 2015 08:49:16 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Tuesday, 13 January 2015 16:49:49 UTC
The Push API needs to use the exact same https-based security restriction as Service Workers, which appears to be here: https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#security-considerations

Specifically, the definition should not mention Service Workers as it currently does; instead, the Service Workers spec should link internally to this reusable concept.

The "sufficiently secure context" concept from Requirements for Powerful Features [1] is too lenient because it e.g. permits file schemes when determining whether the origin is trustworthy [2].

[1] http://www.w3.org/TR/powerful-features/#sufficiently-secure-context
[2] http://www.w3.org/TR/powerful-features/#is-origin-trustworthy

CC @mikewest

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/601