- From: Yoshisato Yanagisawa <notifications@github.com>
- Date: Sun, 15 Feb 2026 19:07:36 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 16 February 2026 03:07:40 UTC
yoshisatoyanagisawa left a comment (w3c/ServiceWorker#1725) Technically, it might be feasible to expose the script's hash value within the `install` or `activate` event handlers. However, providing such an API might be interpreted as an official recommendation to use these hashes for manual integrity verification. This is a complex and controversial topic, as it could lead to unintended update blocking or inconsistencies between the initial registration and subsequent update cycles. Since Service Workers are designed for continuous background updates, the traditional static Subresource Integrity (SRI) model may not be a perfect fit. We likely need further design work to fulfill these security requirements without risking version fragmentation. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1725#issuecomment-3906201199 You are receiving this because you are subscribed to this thread. Message ID: <w3c/ServiceWorker/issues/1725/3906201199@github.com>
Received on Monday, 16 February 2026 03:07:40 UTC