- From: Jungkee Song <notifications@github.com>
- Date: Wed, 16 Nov 2016 20:22:41 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/765/261151830@github.com>

To clarify the spec point of view first,

> Since about:blank iframes inherit the origin from the parent, I don't see why they shouldn't inherit the controller as well. Without this how can a page programmatically build an iframe DOM in an offline state? Elements added to the child frame wouldn't be intercepted.

You're right. I was focusing only on the document's URL and registration matching perspective and missed the point that they inherit the origin. (I confirmed it by testing with the browsers a bit but am still looking for the specific steps in the specs that inherit the origin though.)

That said, the behavior should be somewhat opposite to what I said in my note above. So, iframes without having their src set to https URLs will inherit the parent's controller. When the `sandbox` attribute is set without the `allow-same-origin` token, it won't get a controller.

> But it also does seem a bit arbitrary, as in where do we draw the line. Should all same origin iframes that have a URL that can't possibly be in scope of a service worker inherit the controller from their parent (for example blob URLs)?

I think so. The way they're dealt with is the same as the `about:blank` case (not reaching http fetch to get the resources), and the fact that those iframes inherit the origin seems like a basic premise that they should get the parent's controller.

Received on Thursday, 17 November 2016 04:23:15 UTC