- From: Andrea Canciani <notifications@github.com>
- Date: Sat, 04 May 2024 09:36:19 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/issues/1437/2094292942@github.com>
> I got the following idea to solve this: maybe opaque origins are too harsh, in that they fail same-origin checks even with themselves. If we had the ability to create unique origins that pass same-origin checks with themselves, we could use the nested iFrames approach without any server-side infrastructure. I might be misreading the [specification](https://html.spec.whatwg.org/multipage/browsers.html#origin), but AFAICT opaque origins should succeed the same-origin check exactly with themselves: > Two [origins](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin), A and B, are said to be same origin if the following algorithm returns true: > 1. If A and B are the same [opaque origin](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque), then return true. > 2. If A and B are both [tuple origins](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-tuple) and their [schemes](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-scheme), [hosts](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-host), and [port](https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-port) are identical, then return true. > 3. Return false. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1437#issuecomment-2094292942 You are receiving this because you are subscribed to this thread. Message ID: <w3c/ServiceWorker/issues/1437/2094292942@github.com>
Received on Saturday, 4 May 2024 16:36:23 UTC