Re: [w3c/ServiceWorker] Match Service Worker Registration should assert same-origin? (#1118) from Jungkee Song on 2017-05-12 (public-webapps-github@w3.org from May 2017)

From: Jungkee Song <notifications@github.com>
Date: Thu, 11 May 2017 19:52:05 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1118/300970371@github.com>

> I believe the URL string comparison is only safe because http/https URLs serialize with a trailing slash.
> Relying on the trailing slash serialization seems extremely fragile and non-obvious to me

That's right. Now I understand your concern better. Thanks for having convinced me.

> Can Step 5 assert the matchingScope is same-origin with clientURL?

I'll add an assertion as you suggested and improve words on the note.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1118#issuecomment-300970371

Received on Friday, 12 May 2017 02:52:39 UTC