Re: [slightlyoff/ServiceWorker] clarify secure context requirements in Handle Fetch (#890) from Salvador de la Puente González on 2016-07-27 (public-webapps-github@w3.org from July 2016)

From: Salvador de la Puente González <notifications@github.com>
Date: Wed, 27 Jul 2016 10:42:31 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/890/235662836@github.com>

> I believe it's to stop the non-secure origin getting data from powerful features by poseMessage-talking to the iframe.

Notice the non-secure origin can not get data this way, getting data is only possible if the safe origin decides to send that data via `postMessage()` to `.opener` / `.parent`. Preventing HTTPS sites to communicate with HTTP sites seems to be another different issues.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/890#issuecomment-235662836

Received on Wednesday, 27 July 2016 17:43:01 UTC