- From: Mohamed Hussain S H <notifications@github.com>
- Date: Mon, 08 Jul 2019 04:22:17 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/658/509185964@github.com>
> Regarding our [twitter exchange](https://twitter.com/slsoftworks/status/581863309797924864) - as it turns out Firefox has its own method for easing debugging/development on non-trivial setups - those that require more than a static storage (ie. gh-pages). > > Firefox uses the `dom.serviceWorkers.testing.enabled` setting - which, when set to true it disables the HTTPS-restriction on service workers completely (IIUC). One might argue that is too much of a vulnerability _(as leaving that setting open would make it so the browser is completely unprotected on all sites - practically removing all security provided by the feature in the first place)_. > > One could also argue, that I should be filing this at Chromium dev (and that might be also true) however widespreed acceptance among big-league players could very much depend on solving the issue of integrating Service Worker development into current developer practices, so I think it might be useful to have at least guidelines in the spec for UA-s to ease development. > > I would suggest, that a configuration setting (that would ship stable & developer versions alike) as the one above used in Firefox would solve the stated use cases (deliberately enabling testing on developer-owned devices), while requiring the **configuration value to be set to a domain name** (_only service workers located on said domain would be able to bypass HTTPS check_) would fix the problem of leaving one's device completely open for attacks on other sites. > > This would effectively be an expansion on how browsers currently handle `localhost` as a special case — comments on this would be much welcome. what about the android firefox browser, not able to go to about:config and change the setting there? second point is how can we debug the service worker script for mobile firefox, for desktop we could do about:debugging#workers? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/658#issuecomment-509185964
Received on Monday, 8 July 2019 11:22:40 UTC