Re: [REFERRER] Where does "Determine request's Referrer" get its URL from?

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 31 Jul 2014 15:14:34 +0000 (UTC)
To: Anne van Kesteren <annevk@annevk.nl>
cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <alpine.DEB.2.00.1407311458310.8748@ps20323.dreamhostps.com>

On Thu, 31 Jul 2014, Anne van Kesteren wrote:
> On Wed, Jul 30, 2014 at 9:30 PM, Ian Hickson <ian@hixie.ch> wrote:
> > On Wed, 30 Jul 2014, Anne van Kesteren wrote:
> >> Say a worker invokes importScripts(). That invokes the service worker.
> >> In the service worker a field named "client" is exposed in either the
> >> event or the Request object associated with the event. That "client"
> >> holds a message channel for the worker.
> >>
> >> It's equivalent in a document environment with an <img> or a
> >> background-image in an associated style sheet.
> >
> > I still don't understand. What do you mean by "field"? Like, an IDL
> > attribute? What do you mean by "message channel", do you mean a
> > MessagePort? What do you mean by "for the worker"? I don't understand how
> > any of this would have an equivalent for <img> or CSS.
> 
> Specifically, an attribute on the event object that returns a client
> object: https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#client

The Client object here doesn't seem to have much to do with the "client" 
concept in the fetch specification. One is a JS Object in the 
ServiceWorker scope. The other is a JS Lexical Environment with a null 
outer environment reference.

What I was asking is why does fetch use a global environment as one of the 
concepts it tracks, instead of, say, an event loop, a script settings 
object, or a global object.


BTW, the current logic for MessagePorts in the ServiceWorker spec is 
incomplete. There's only one port, as far as I can tell. It's entirely 
defined in a non-normative note (though that note has "must"s). That note 
is rather ambiguous (e.g. what task is used to redispatch the events? Is 
the data in the event maintained? How is the event created?) What does 
postMessage() on Client do? (It has no normative description.) Why are we 
posting messages to the Window object? Or the SharedWorkerGlobalScope 
object? How would messages be posted back? I honestly can't tell, from 
reading the bit about messages, where the Client object would be visible 
from (inside the ServiceWorker, or inside the environment that caused the 
fetch?). The IDL suggests one answer, but the prose suggests the opposite.

I'm not really clear on what these communication mechanisms are for, 
exactly, so it's hard to evaluate if they make sense in general.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 31 July 2014 15:15:04 UTC