Re: [w3c/ServiceWorker] Create service worker from Blob/String URL (#578) from Le Hash on 2024-08-19 (public-webapps-github@w3.org from August 2024)

From: Le Hash <notifications@github.com>
Date: Sun, 18 Aug 2024 23:07:35 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/578/2295736961@github.com>

There is more probability in being infected by the server in the long run if things are mutable

An immutable service worker implies an immutable webapp if cached properly

This would annihilate any possibility of server-side attack once first downloaded

Also if your webapp is infected (via XSS or supply-chain), it's probably already game over

Just let the developer choose between mutable and immutable service workers

The developer is probably the best person to evaluate such risk-benefit

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/578#issuecomment-2295736961
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/ServiceWorker/issues/578/2295736961@github.com>

Received on Monday, 19 August 2024 06:07:39 UTC