- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 09 Jun 2015 07:03:12 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Tuesday, 9 June 2015 14:03:41 UTC
> The context of the page is not safe. The context of the service worker should be safe (HTTPS-only; only explicit message passing). That doesn't make sense. They are equally safe. Note that caches do not cross origins in any way. Scripts can, but they can only access the origin (and its caches) from the page they are embedded in. The only thing we should maybe consider is restricting caches to HTTPS always. It doesn't make much sense to have new ways of persistent state in an HTTP context. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/698#issuecomment-110365169
Received on Tuesday, 9 June 2015 14:03:41 UTC