Re: [ServiceWorker] Make secure context requirements more explicit (#754) from Ben Kelly on 2015-11-10 (public-webapps-github@w3.org from November 2015)

From: Ben Kelly <notifications@github.com>
Date: Mon, 09 Nov 2015 18:51:40 -0800
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/754/155266756@github.com>

Is it intended that .register() now allows file:// URLs?   It simply says:

> * If the result of running Is origin potentially trustworthy with the origin of scriptURL as the argument is Not Trusted, then:
>  * Return a promise rejected with a "SecurityError" exception.

But the Is origin potentially trustworthy algorithm now allows file schemes:

> If origin's scheme component is file, return "Potentially Trustworthy".

Note, Cache API still does explicitly requires http or https URLs for all Requests.  So its not really feasible to load a site from file:// and have the service worker function correctly.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/754#issuecomment-155266756

Received on Tuesday, 10 November 2015 02:52:08 UTC