Re: [ServiceWorker] openWindow(url)'s same origin check should be done against the origin of the final response's url? (#646) from Jungkee Song on 2015-03-09 (public-webapps-github@w3.org from March 2015)

From: Jungkee Song <notifications@github.com>
Date: Mon, 09 Mar 2015 01:48:17 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/646/77817683@github.com>

The title might make you confused. Let me clarify. The current spec actually allows cross-origin url for openWindow(url). The step 5.4 does the same-origin check (after the navigation is done - so after all the redirects, if any) just to resolve the returned promise with null rather than a WindowClient.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/646#issuecomment-77817683

Received on Monday, 9 March 2015 08:48:45 UTC