- From: Jungkee Song <notifications@github.com>
- Date: Mon, 22 Feb 2016 03:51:51 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
- Message-ID: <slightlyoff/ServiceWorker/issues/831/187139872@github.com>
@domenic, there are two points that I'd like to discuss for the hooks. > It seems likely this will require modifications to HTML to allow "fetch a module script tree" to disallow cross-origin requests. Let me know exactly what they are and I can do that. My guess would be you need something like "Fetch a same-origin module script tree given url and settings object." * SW's script fetch starts at [Update](https://slightlyoff.github.io/ServiceWorker/spec/service_worker/index.html#update-algorithm) step 5. A cross-origin script is not allowed and such URL should have been already filtered out (in [Register](https://slightlyoff.github.io/ServiceWorker/spec/service_worker/index.html#register-algorithm) step 2) before invoking _fetch a classic worker script_ and _fetch a module script tree_. (For the later updates upon a successful installation, the Update uses the registration for the same origin where the installation is done against.) Besides, we allow loading cross-origin scripts via importScript(urls) called in SW. So if we expect the same behavior with worker module, _fetch a module script tree_ seems fine as-is at least about the origin restriction. * For both _fetch a classic worker script_ and _fetch a module script tree_, SW wants: * To set request's _destination_ to "serviceworker", _skip service worker flag_, _redirect mode_ to "manual", set a special header `Service-Worker`/`script`, and set request's _cache mode_ to "reload" under certain condition (see [Update]((https://slightlyoff.github.io/ServiceWorker/spec/service_worker/index.html#update-algorithm)) step 10). => Do _fetch a class worker script_ and _fetch a module script tree_ taking the worker type ("worker"/"sharedworker"/"serviceworker") and do the above things for service workers make sense? * To get a _response_ (as well as _script_) as the result of the fetch to check the response's _cache state_, MIME type (for the classic script case too), and `Service-Worker-Allowed` header. => Is it possible to change _fetch a classic worker script_ and _fetch a module script tree_ returning/exposing a response? Or should I just do prose? --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/831#issuecomment-187139872
Received on Monday, 22 February 2016 11:52:23 UTC