- From: Yoshisato Yanagisawa <notifications@github.com>
- Date: Mon, 28 Jul 2025 02:56:08 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/ServiceWorker/pull/1775/review/3061659822@github.com>
@yoshisatoyanagisawa commented on this pull request.
> @@ -3065,6 +3065,11 @@ spec: storage; urlPrefix: https://storage.spec.whatwg.org/
:: Return |serviceWorker|'s [=service worker/script url=].
: The [=environment settings object/origin=]
:: Return its registering [=/service worker client=]'s [=environment settings object/origin=].
+ : The [=environment settings object/cross site ancestry=]
+ :: Return its registering [=/service worker client=]'s [=environment settings object/cross site ancestry=].
+ <div class="note">
+ Note: If service workers are not partitioned by the [=environment settings object/cross site ancestry=], clients must include logic to use the initial [=/http fetch=]'s [=/request=]'s [=request/client=]'s [=environment settings object/cross site ancestry=] when determining the "<code>SameSite</code>" mode.
Thanks for the clarification.
I understand your point that we should assume storage partitioning is present, as it's "already more or less required to address security vulnerabilities". Based on that assumption, my concern is addressed, and I agree that the note is unnecessary.
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/pull/1775#discussion_r2235651741
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/ServiceWorker/pull/1775/review/3061659822@github.com>
Received on Monday, 28 July 2025 09:56:12 UTC