Re: [w3c/ServiceWorker] Service Workers are too hard to clean-up (Issue #1695) from gwallace-rvj on 2026-05-04 (public-webapps-github@w3.org from May 2026)

From: gwallace-rvj <notifications@github.com>
Date: Mon, 04 May 2026 10:32:01 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1695/4373088487@github.com>

gwallace-rvj left a comment (w3c/ServiceWorker#1695)

I just got bitten by this as a web bug on my site, it turns out a months old service worker from GoDaddy's parking page was sitting in my browser and executing despite the source being 404ed. I understand the need for transient/offline tolerance, but I am surprised these workers don't have a 24 hr TTL if they continue to 404. It is a huge vulnerability.

Yes, you can make new code clean them up or manually clean them in dev tools, but it still seems like a massive browser vulnerability.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1695#issuecomment-4373088487
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/ServiceWorker/issues/1695/4373088487@github.com>

Received on Monday, 4 May 2026 17:32:05 UTC