- From: Marijn Kruisselbrink <notifications@github.com>
- Date: Wed, 13 Jan 2016 12:29:05 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
- Message-ID: <slightlyoff/ServiceWorker/pull/751/c171423246@github.com>
> I think it's a very bad idea to reuse the fetch event. I don't think we should do that. Okay, changed it to use a separate foreignfetch event (although it was my (apparently mistaken) understanding from our conversation at TPAC that using the same event would probable be okay). I don't have a strong opinion on same vs. different event, and most people seem to have at least the initial reaction that this should be a separate event, so making it a separate event is probably the way to go. > We shouldn't use withCredentials since that is XMLHttpRequest terminology. Agreed; not sure what the best name is. Things like "dontOmitCredentials" would be even worse (with the double negation etc), but I guess naming this also somewhat depends on what exactly it is going to do. > If the request is without credentials, this also needs to affect the used service worker in some way. Otherwise there's still ambient authority leakage. Agreed here as well, although unfortunately I'm not quite familiar enough with all the details/intricacies around the fetch spec, cors and authority leakage to really come up with what exactly the desired effect here is going to be. Hopefully something we can discuss at the SW F2F. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/pull/751#issuecomment-171423246
Received on Wednesday, 13 January 2016 20:29:35 UTC