- From: cinolt <notifications@github.com>
- Date: Wed, 23 Feb 2022 08:41:46 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 23 February 2022 16:41:59 UTC
For example, if an app called "notepad.com" allowed users to write and save documents offline in a Service Worker, there is no way for "chat.com" to access the documents saved by "notepad.com", because when "chat.com" tries to fetch from a Service Worker controlled scope of "notepad.com", the browser refuses to contact the Service Worker and tries to fetch it normally, even though there is a Service Worker registered there. According to the spec, "The reason for this restriction is that [service workers](https://www.w3.org/TR/service-workers/#dfn-service-worker) create the opportunity for a bad actor to turn a bad day into a bad eternity.", but doesn't explain why. Please provide a concrete example as to why this "Origin restriction" is necessary. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1628 You are receiving this because you are subscribed to this thread. Message ID: <w3c/ServiceWorker/issues/1628@github.com>
Received on Wednesday, 23 February 2022 16:41:59 UTC