- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 23 Oct 2014 14:50:17 -0700
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- Cc: Erik Corry <erikcorry@google.com>, Jake Archibald <jaffathecake@gmail.com>, Shijun Sun <shijuns@microsoft.com>, Domenic Denicola <domenic@domenicdenicola.com>, public-webapps <public-webapps@w3.org>
On Thu, Oct 23, 2014 at 2:27 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote: > On Tue, Oct 21, 2014 at 7:25 AM, Erik Corry <erikcorry@google.com> wrote: >> * Push doesn't actually need SW's ability to intercept network >> communications on behalf of a web page. >> * You can imagine a push-handling SW that does all sorts of >> complicated processing of notifications, downloading things to a local >> database, but does not cache/intercept a web page. >> * This ties into the discussion of whether it should be possible to >> register a SW without giving it a network-intercept namespace > > As was discussed over in > <https://github.com/slightlyoff/ServiceWorker/issues/445#issuecomment-60304515> > earlier today, you need a scope for all uses of SW, because you need > to *request permission* on a *page*, not within a SW (so the user has > appropriate context on whether to grant the permission or not), and > the scope maps the page to the SW that the registration is for. > > (The permission grant is actually per-origin, not per-scope/SW, but > the registration itself is per-scope/SW, and it has to be done from > within a page context because there *might* be a permission grant > needed.) Yes, you need to ask for permission within a page. But that page doesn't have to have any particular relation to the scope of the SW that it's asking for. It just needs to be same-origin with that SW. As the API is structured, any page on a website can grab any SW registration, and call registerPush or registerGeoFence on that SW registration. So I don't see how the scope of the SW matters. / Jonas
Received on Thursday, 23 October 2014 21:51:15 UTC