[w3c/ServiceWorker] Discuss the maxScopeString and Service-Worker-Allowed in security considerations (#1405) from Jeffrey Yasskin on 2019-05-06 (public-webapps-github@w3.org from May 2019)

From: Jeffrey Yasskin <notifications@github.com>
Date: Mon, 06 May 2019 15:27:55 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1405@github.com>

[`Service-Worker-Allowed`](https://w3c.github.io/ServiceWorker/#service-worker-allowed) and the [*maxScopeString* in Update](https://w3c.github.io/ServiceWorker/#update-algorithm) exist to protect sites that allow different users to operate within different paths but don't want those users to overwrite each other's content. This could use some discussion in the [Security Considerations](https://w3c.github.io/ServiceWorker/#security-considerations) since it's not particularly obvious that there is this protection or what its limits are.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1405

Received on Monday, 6 May 2019 22:28:18 UTC