Re: [w3c/ServiceWorker] Secure context language is redundant/contradicts secure context spec (#1125) from Matt Falkenhagen on 2017-05-02 (public-webapps-github@w3.org from May 2017)

From: Matt Falkenhagen <notifications@github.com>
Date: Tue, 02 May 2017 00:35:33 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1125/298528503@github.com>

Sure, it'd make sense for the first two sentences to be normative, and the rest to be a non-normative note. Something like this:

Service workers must execute in secure contexts. Service worker clients must also be secure contexts to register a service worker registration, to get access to the service worker registrations and the service workers, to do messaging with the service workers, and to be manipulated by the service workers.

Note: This effectively means that service workers and their service worker clients should be hosted over HTTPS. A user agent may allow localhost, 127.0.0.0/8, and ::1/128 for development purposes. The primary reason for this restriction is to protect users from the risks associated with insecure contexts.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1125#issuecomment-298528503

Received on Tuesday, 2 May 2017 07:36:38 UTC