- From: Jake Archibald <notifications@github.com>
- Date: Thu, 02 Jul 2015 10:09:08 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Thursday, 2 July 2015 17:09:42 UTC
Thinking about this following a chat on IRC.
`fetch('http://...', {mode: 'no-cors'})` should fail from clients without a direct link to a single window (so, fails in SharedWorker and ServiceWorker).
An empty serviceworker shouldn't change the behaviour of mixed content.
The question is do we want to support the "podcast" app case?
`fetch('http://...', {mode: 'no-cors'})` from a window could succeed & show a mixed content warning unless "block-all-mixed-content" is set in CSP. The resolved value would be opaque.
To support this in a service worker we'd need a way to link the request to the client, which could be `event.default()` or similar, or something like `windowClient.fetch()`. This means we know where to show the warning, or fail if it cannot be shown. (added bonus: the request can be aborted if the client goes away)
If we can't build a podcast app today on the web, we're definitely losing something to native, but maybe the mixed content warning means we're losing there anyway. Perhaps it's not worth it.
---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/493#issuecomment-118094591
Received on Thursday, 2 July 2015 17:09:42 UTC