Re: [w3c/ServiceWorker] Scope matching algorithm breaks sites that don't end in a slash (#1272) from Jake Archibald on 2018-02-12 (public-webapps-github@w3.org from February 2018)

From: Jake Archibald <notifications@github.com>
Date: Mon, 12 Feb 2018 10:42:42 -0800
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1272/365021059@github.com>

**Problem 1:** An app is hosted at `/foo/`, but `/foo` should also work offline, ideally by being controlled by the same service worker. While the scope of the service worker could be set to `/foo`, that would also control `/foot`, which is a different site, and the logic in `/foo`'s service worker may break this site.

**Problem 2:** An app hosted at `/` may have its own service worker. URLs such as `/login/` may be part of that app and use the same service worker, whereas `/foo/` is a different app, and should use its own, or no service worker.

**Problem 3:** An app hosted at `example.com/` is also hosted/redirected from `example.co.uk/`, and both URLs should work offline.

Is that a fair description of the problems?

**Possible solution 1:** Distinct apps should have their own origin, eg `foo.example.com` rather than `example.com/foo/`. This is the preferred solution as origins are the boundary of the web, and therefore the model we should be aiming for.

However, large parts of the web aren't built with this in mind, so for those sites:

**Possible solution 2:** Sub-origins. These allow arbitrary URLs to become part of another origin, allowing `/` and `/login/*` to be one origin, `/foo` and `/foo/*` to be another, and `/foot/*` to be yet another. This comes with the benefits of origin security.

However, since the sub-origin is assigned at response time, it isn't clear to me how this can work with service worker, which needs to select a controlling registration before the request.

**Possible solution 3:** Add secondary scopes with optional exact-matching. This way you could have service workers scoped to:

* `/foo/` (prefix) but also `/foo` (exact) and `/foo?` (prefix).
* `/` (exact) but also `/?` (prefix) but also `/login` (exact) and `/login?` (prefix).

However, this creates big questions around the expected behaviour of `getRegistration()`. Also, given the mutability of secondary scopes, it creates problems around two registrations trying to have the same scope, and I imagine it'd be really tough to move a scope between service workers (eg, imagine `/login/` wanted to get its own service worker).

Also, although problem 3 is real-world and creates the same user experience issues as 1 & 2, are we happy to WONTFIX that?

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1272#issuecomment-365021059

Received on Monday, 12 February 2018 18:43:08 UTC