> Also, we have previously decided that about:srcdoc and about:blank should inherit their controller from the parent context. This is implemented in firefox, but not in chrome so far. Not sure about other browsers.
Do you mean `srcdoc` / `about:black` + `allow-same-origin` or is later not required ? In my experience Firefox (Nightly) as other browsers don't seem to do that nor with `allow-same-origin` nor without. Do you by chance have tracking bug for it I can try followup there.
If `allow-same-origin` is required for `srcdoc` that does not address use described (quoting below):
> On a related note I would like to make a case for `<iframe sandbox> + SW` combination that would allow embedded to control networking of the embedded document, where embedder and embedded document are from the same origin & without `allow-same-origin`. (maybe that's what srcdoc should do ?)
>
> The use case being - Site wishes to load user uploaded content even if offline (think jsfiddle or dropbox). However site also doesn't trust uploaded content enough to share origin & storage / permissions shared across them.
Is this a good place to make a case for it ?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1390#issuecomment-465278535