- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 03 Jul 2015 06:23:47 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
- Message-ID: <slightlyoff/ServiceWorker/issues/119/118349966@github.com>
Client certificates: So per https://tools.ietf.org/html/rfc5246#section-7.4.6 it seems the client certificate challenge is different enough from HTTP auth that it would require quite a few API additions, which, combined with the fact that client certificates are rarely used, would not be worth doing.
If we need to maintain client certificate support for organizations that stepped into that trap I agree with @sleevi that we should have a simple way to opt into that, e.g.
```js
var resp = fetch(url, { clientCertificateWindow: fetchEvent.client })
```
It makes `fetch()` less clean inside service workers (do we need it elsewhere?), but so be it.
Mixed Content: Requests in a service worker can affect the address bar icon. It seems though that mixed content warnings should affect all open windows and if there are no open windows we should treat this as a network error. So this should probably be a separate flag of sorts set by Service Workers that allows Fetch and Mixed Content to deal with this scenario?
HTTP auth: If you want this bring your own UI.
HTTP proxy auth: Network error, including for window? Would be great if we could do that for `fetch()` I think. Otherwise we should have something similar to client certificates for this.
---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/119#issuecomment-118349966
Received on Friday, 3 July 2015 13:24:14 UTC