[slightlyoff/ServiceWorker] Foreign fetch and opaque origins (#900) from Marijn Kruisselbrink on 2016-05-16 (public-webapps-github@w3.org from May 2016)

From: Marijn Kruisselbrink <notifications@github.com>
Date: Mon, 16 May 2016 10:18:01 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Cc:
Message-ID: <slightlyoff/ServiceWorker/issues/900@github.com>

Currently a foreign fetch handler can reply with a non-opaque response by including the origin of the request in the response. If a request was made from an opaque orgin this will never work though, as the origin serialized as string will always be "null", which won't actually be equal to the requests origin.

With regular CORS, a server can always reply with `Access-Control-Allow-Origin: *` to cover unique origins, but currently we don't allow wildcards in foreign fetch handlers. Should wildcards be supported? Or should opaque origins somehow be supported? Or should requests from opaque origins not hit foreign fetch workers at all, since they can't reply to them meaningfully (except if the request was `no-cors`).

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/900

Received on Monday, 16 May 2016 17:19:16 UTC