- From: Matt Falkenhagen <notifications@github.com>
- Date: Thu, 23 May 2019 21:29:19 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 24 May 2019 04:29:42 UTC
Just checking, @aliams @asutherland @wanderview @youennf @jakearchibald does this change sound good? The proposal is `Service-Worker-Allowed: https://cross-origin.com` will throw a SecurityError when served on `https://example.com/sw.js`. The previous behavior is that only the path of the URL matters, so it's effectively the same as `Service-Worker-Allowed: /`. The WPT that would change is here: https://wpt.fyi/results/service-workers/service-worker/Service-Worker-Allowed-header.https.html?label=master&product=chrome%5Bexperimental%5D&product=edge&product=firefox%5Bexperimental%5D&product=safari%5Bexperimental%5D&aligned According to the results, Edge implements the proposed change, and the other browsers implement the current spec. There is no particular reason for the change, it just seems odd for the value to be a URL whose origin is ignored; if we wanted to do that it should just be specified as a path. On the other hand, if the spec churn isn't worth it, I can just drop this. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1307#issuecomment-495468255
Received on Friday, 24 May 2019 04:29:42 UTC