[w3c/ServiceWorker] Require `[SecureContext]` for interfaces with `[Exposed=ServiceWorker]` or not? (Issue #1749)

The current spec only adds `[Exposed]` to all service-worker-specific interfaces except ServiceWorkerGlobalScope. Other specs also generally prefers not to give SecureContext, per webref:

* Specs with SecureContext: push-api
* Specs without SecureContext: content-index, background-sync, background-fetch, payment-handle, cookie-store, periodic-background-sync

Gecko and Blink do not add `[SecureContext]` for those interfaces but WebKit does. (For Gecko, devtools allows non-secure context to temporarily run service worker so SecureContext doesn't make a lot of sense)

Given there's no spec other than push-api that adds SecureContext I filed https://github.com/w3c/push-api/issues/397, but then found there's no explicit agreement nor guideline, and so the issue here.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1749
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/ServiceWorker/issues/1749@github.com>

Received on Sunday, 26 January 2025 16:45:34 UTC