Re: [ServiceWorker] Make secure context requirements more explicit (#754) from Jake Archibald on 2015-10-05 (public-webapps-github@w3.org from October 2015)

From: Jake Archibald <notifications@github.com>
Date: Mon, 05 Oct 2015 08:31:57 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/754/145571063@github.com>

>From https://code.google.com/p/chromium/issues/detail?id=489670

@mikewest

> This is expected behavior, as per https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-secure.
>
> We didn't do this for WebCrypto, and the result was Netflix writing a 1:1 postMessage-based wrapper. That's not something we can support while maintaining the guarantees that locking an API to HTTPS is supposed to provide

Related bug https://github.com/slightlyoff/ServiceWorker/issues/700 - this feels like a dupe?

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/754#issuecomment-145571063

Received on Monday, 5 October 2015 15:32:39 UTC