[w3c/ServiceWorker] can service worker scope include `username:password@` URL credentials? (#1520)

While working on my scope pattern effort I ran into a weird corner case that I'm unsure of what the spec intends.

Currently the spec explicitly removes the fragment component of the scope URL, but leaves all other components.  See step 2 in register:

https://w3c.github.io/ServiceWorker/#start-register-algorithm

But does this mean that if a URL has embedded credentials they end up in the scope?  So does this:

```js
  navigator.serviceWorker.register(script, {
    scope: 'https://foo:bar@example.com/'
  });
```

result in a scope string of `https://foo:bar@example.com/`? Based on the rest of the spec it seems this would only match documents loaded with the `foo:bar` credential in the URL? Is this intended?

There is one service worker WPT that uses URL credentials here:

https://github.com/web-platform-tests/wpt/blob/master/service-workers/service-worker/fetch-event-redirect.https.html

But it only tests subresource loading with URL credentials and not navigations.

@annevk @jakearchibald WDYT?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1520

Received on Wednesday, 1 July 2020 17:24:21 UTC
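
The corner case raised in the issue above, modelled with the WHATWG `URL` class. This is an added example, not code from the issue or the spec. It assumes scope matching is a string-prefix test on the serialized client URL, as the post reads the spec; the function names and the `#top` and `index.html` sample values are constructed for illustration.

```javascript
// Model of the register and matching steps as the issue describes them.
// Not browser code and not spec text; function names are hypothetical.

// Register step 2 as described: parse the scope URL and drop only the fragment.
function modelScopeString(scope, base) {
  const url = new URL(scope, base);
  url.hash = '';        // the fragment is removed
  return url.href;      // username and password survive serialization
}

// Assumption: matching is a prefix test on the serialized client URL.
function scopeMatches(scopeString, clientUrl) {
  return new URL(clientUrl).href.startsWith(scopeString);
}

// A check a page could run before calling register(); an assumption added
// here, not a step in the spec.
function hasUrlCredentials(scope, base) {
  const url = new URL(scope, base);
  return url.username !== '' || url.password !== '';
}

// Constructed sample input.
const base = 'https://example.com/app/';
const scope = modelScopeString('https://foo:bar@example.com/#top', base);

console.log('scope string:', scope);
console.log('matches document without credentials:',
  scopeMatches(scope, 'https://example.com/index.html'));
console.log('matches document with credentials:',
  scopeMatches(scope, 'https://foo:bar@example.com/index.html'));
console.log('scope carries credentials:',
  hasUrlCredentials('https://foo:bar@example.com/', base));
```
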