Re: [ServiceWorker] openWindow(url)'s same origin check should be done against the origin of the final response's url? (#646) from Jungkee Song on 2015-03-10 (public-webapps-github@w3.org from March 2015)

From: Jungkee Song <notifications@github.com>
Date: Mon, 09 Mar 2015 22:52:01 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/646/77999708@github.com>

> At the very least, that needs to be modified now that we have the notion of non-controlled clients.

Right. A `Client` object can capture any service worker client in the same-origin to the service worker. E.g. a `message` event posted by `registration.installing.postMessage` holds a non-controlled `Client` object in `e.source`.

> Aside: should there be a 'controlled' bit on Client objects?

Although we have a way to filter out non-controlled clients (`clients.matchAll`) already (that's the default behavior), adding `Client.activeWorker` can allow authors to check whether the retrieved clients are controlled or not and also which service worker those clients are controlled by. 

Not sure the use cases that need grasping uncontrolled clients are compelling tho.

cc/ @jakearchibald @slightlyoff 

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/646#issuecomment-77999708

Received on Tuesday, 10 March 2015 05:52:26 UTC