Re: [w3c/ServiceWorker] `<iframe sandbox />` + SW (#1390) from Irakli Gozalishvili on 2019-02-19 (public-webapps-github@w3.org from February 2019)

From: Irakli Gozalishvili <notifications@github.com>
Date: Tue, 19 Feb 2019 19:35:43 +0000 (UTC)
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1390/465278535@github.com>

> Also, we have previously decided that about:srcdoc and about:blank should inherit their controller from the parent context. This is implemented in firefox, but not in chrome so far. Not sure about other browsers.

Do you mean `srcdoc` / `about:black` + `allow-same-origin` or is later not required ? In my experience Firefox (Nightly) as other browsers don't seem to do that nor with `allow-same-origin` nor without. Do you by chance have tracking bug for it I can try followup there.

If `allow-same-origin` is required for `srcdoc` that does not address use described (quoting below):

> On a related note I would like to make a case for `<iframe sandbox> + SW` combination that would allow embedded to control networking of the embedded document, where embedder and embedded document are from the same origin & without `allow-same-origin`. (maybe that's what srcdoc should do ?)
>
> The use case being - Site wishes to load user uploaded content even if offline (think jsfiddle or dropbox). However site also doesn't trust uploaded content enough to share origin & storage / permissions shared across them.

Is this a good place to make a case for it ?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1390#issuecomment-465278535

Received on Tuesday, 19 February 2019 19:36:05 UTC