Re: [slightlyoff/ServiceWorker] clarify secure context requirements in Handle Fetch (#890) from Jake Archibald on 2016-07-25 (public-webapps-github@w3.org from July 2016)

From: Jake Archibald <notifications@github.com>
Date: Mon, 25 Jul 2016 07:38:36 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/890/234972242@github.com>

Great catch. And ughhghghgh. Of course, a navigation to a secure origin with no means to communicate with the window that initiated the request should be considered secure.

I'm grumpy about the `target="_blank"` case here. Seems shitty that another website can stop my service worker working. We might need some kind of registration option to declaratively disown opener.

Related, but won't work for us https://github.com/w3c/webappsec/issues/517

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/890#issuecomment-234972242

Received on Monday, 25 July 2016 14:39:20 UTC