Re: [slightlyoff/ServiceWorker] Foreign fetch vs non-credentialed requests (#878) from Joel Weinberger on 2016-04-15 (public-webapps-github@w3.org from April 2016)

From: Joel Weinberger <notifications@github.com>
Date: Fri, 15 Apr 2016 07:49:50 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/878/210490242@github.com>

I lean towards "as is," since it really is B foot-gunning itself, although it does seem a bit too easy for a developer to go awry. I was wondering about having separate handler registrations for 'credentialed' and 'non-credentialed' requests, which I think maybe what @wanderview is suggesting.

Also, perhaps I'm just confused (or maybe this is orthogonal), but what happens if B returns an opaque, credentialed response from C? That is, A makes a non-credentialed request to B. B's SW's foreign-fetch handler returns an object it earlier fetched from C, with credentials. This seems like a particularly weird relationship, because C thought it was responding to a credentialed request, and A thought it was making a non-credentialed request, and neither one can possible know about what's going on. I'm afraid I'm just confused, though, and this probably doesn't matter.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/878#issuecomment-210490242

Received on Friday, 15 April 2016 14:50:21 UTC