[w3c/ServiceWorker] Add WPT for an in-scope iframe inside a data URL iframe. (#1393) from Matt Falkenhagen on 2019-03-08 (public-webapps-github@w3.org from March 2019)

From: Matt Falkenhagen <notifications@github.com>
Date: Thu, 07 Mar 2019 22:52:13 -0800
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1393@github.com>

Add WPT for this case.

From https://bugs.chromium.org/p/chromium/issues/detail?id=899334#c14:
Given that data URL is now an opaque origin [1], the origin's not potentially trustworthy (per "Is origin potentially trustworthy?" algorithm in [2]), and therefore it's not secure [3], and a framed document in a non-secure context is not a secure context either [4].

[1] https://github.com/web-platform-tests/wpt/pull/3663
[2] https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy
[3] https://www.w3.org/TR/secure-contexts/#examples-framed
[4] https://www.w3.org/TR/secure-contexts/#settings-object

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1393

Received on Friday, 8 March 2019 06:52:35 UTC