Re: [w3c/ServiceWorker] Allow active service worker to manage fetch for the update logic (#1318) from Jake Archibald on 2018-06-14 (public-webapps-github@w3.org from June 2018)

From: Jake Archibald <notifications@github.com>
Date: Thu, 14 Jun 2018 07:18:57 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1318/397312608@github.com>

> So I'm guessing this is mostly to prevent people from accidentally shooting themselves into the foot and creating a service worker that caches itself forever.

Correct. It's also essential for security. Imagine a site was compromised, and an attacker was able to install an evil service worker. Once the site is back in control of the owner, they need to be able to deploy a fixed service worker, which should probably clear site storage.

Because of this, the service worker shouldn't be able to prevent updates.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1318#issuecomment-397312608

Received on Thursday, 14 June 2018 14:19:21 UTC