Re: [slightlyoff/ServiceWorker] Foreign fetch vs non-credentialed requests (#878)

Yeah, I also discussed this on the WebAppSec list: https://lists.w3.org/Archives/Public/public-webappsec/2016Jan/thread.html#msg116 (our design has changed a little bit since then, but it's still effectively the same). I did not get as much feedback as I would like, though, so asking again here doesn't hurt, but I feel pretty confident with the current approach and I have the feeling I'm generally the most conservative when it comes to the same-origin policy.

Also, I don't think we can consider this type of communication at the same level we consider network APIs. Folks are trying to do that with the cache API, and that kind of reasoning just doesn't apply perfectly. This is basically all client-side code talking to each other.

---
https://github.com/slightlyoff/ServiceWorker/issues/878#issuecomment-210296564

Received on Friday, 15 April 2016 05:52:25 UTC