- From: Jungkee Song <notifications@github.com>
- Date: Wed, 16 Nov 2016 21:10:04 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/765/261156990@github.com>
@asutherland, > I think the scenario is that the page is embedding third-party content I think if the main resource to the iframe is a cross-origin resource in the first place, it should go with its own registration matching. So, I presume the use-case in the OP is loading a resource as a same origin iframe srcdoc document and expecting its subresources will be fetched through the inherited controller (and foreign fetch SWs if they're implemented and avaiable.) > I think it's worth asking whether it's more appropriate to create a logically distinct affordance like "sandboxfetch" to explicitly recognize this use-case and enable good hygiene rather than have it depend on a carefully defined spec grey-zone. Assuming the use-cases you pointed out here are iframes loading third-party *main* resource (note that object tag falls back to network early), they should get their own controller by matching a registration rather than inheriting one. In this regard, I don't think this case poses any addtional threats. Am I misunderstanding any of your concerns here? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/765#issuecomment-261156990
Received on Thursday, 17 November 2016 05:10:39 UTC