- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 06 Oct 2020 03:50:44 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 6 October 2020 10:50:57 UTC
@yutakahirano so the scenario is that A embeds B and B has a shared/service worker Bsw. All have the appropriate COOP+COEP headers. But A doesn't delegate the capability to B. Now in resource-constrained environments the model allows for A and B to be in the same process and I think the idea with the capability is (please correct me if I'm wrong) that B not having access to certain features means it's harder to attack A. Now, if Bsw were to share that process, it could attack A. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/pull/1545#issuecomment-704188323
Received on Tuesday, 6 October 2020 10:50:57 UTC