- From: Frederik Braun <notifications@github.com>
- Date: Mon, 15 Jun 2020 00:45:40 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 15 June 2020 07:45:54 UTC
The ["Start Register" algorithm](https://w3c.github.io/ServiceWorker/#start-register) has some checks in step 3 and 4: - step 3 checks that scheme is http or https - step 4 checks that the scriptURL's path doesn't contain "%2F" or "%5C". The only invokation of Start Register is in [ServiceWorkerContainer.register()](https://w3c.github.io/ServiceWorker/#navigator-service-worker-register), which does not apply any checks, just parsing in step 3. P.S.: This issue filed was based on a question I had directed at @annevk based on [folks requesting subresource integrity support for ServiceWorkers](https://github.com/w3c/webappsec-subresource-integrity/issues/66) - which is providing most of its on cross-origin resources only. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1518#issuecomment-643961946
Received on Monday, 15 June 2020 07:45:54 UTC