Hi,
It seems that today implementations across major browsers do not delegate requests from the document inside `<iframe sandbox="allow-same-origin" src="./inner" />` to the SW controlling the embedded, even if it falls under the same scope. The same is true if `srcdoc` is used.
From what I can tell, the spec does not seem to specify the behavior here, and intuitively I would expect it to behave differently from what implementations seem to converge on.
On a related note, I would like to make a case for an `<iframe sandbox>` + SW combination that would allow embedded to control networking of the embedded document, where the embedder and embedded document are from the same origin and without `allow-same-origin`. (Maybe that's what `srcdoc` should do?)
The use case being: a site wishes to load user-uploaded content even if offline (think jsfiddle or dropbox). However, the site also doesn't trust uploaded content enough to share origin and storage / permissions shared across them.
I believe some setup like `<iframe sandbox service-worker="./service.js" src="./inner">` could be an effective way to provide such behavior.
--
https://github.com/w3c/ServiceWorker/issues/1390