[w3c/ServiceWorker] how can unregister()'s same-origin check ever fail? (#1305) from Ben Kelly on 2018-04-20 (public-webapps-github@w3.org from April 2018)

From: Ben Kelly <notifications@github.com>
Date: Fri, 20 Apr 2018 14:21:26 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1305@github.com>

Currently the first step of unregister is:

```
1. If the origin of job’s scope url is not job’s client's origin, then:
  1. Invoke Reject Job Promise with job and "SecurityError" DOMException.
  2. Invoke Finish Job with job and abort these steps.
```

In this case the scope URL is the scope from the ServiceWorkerRegistration.  For this to fail a ServiceWorkerRegistration would have to be exposed in a cross-origin client context.

That doesn't seem possible... And if it is, there are probably bigger problems we need to fix.

Can we remove these steps from the spec?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1305

Received on Friday, 20 April 2018 21:21:47 UTC