W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2014

Re: SRI, cache validation and ServiceWorkers

From: Jake Archibald <jaffathecake@gmail.com>
Date: Mon, 19 May 2014 14:02:14 +0100
Message-ID: <CAJ5xic_YsmGZC1YMpLxB=pRrLKLuEVAXjMkTx+fL8c6-R+33TQ@mail.gmail.com>
To: public-webappsec@w3.org
This sounds very similar to where we got with HTTP serviceworkers. We had:

* Revalidate SW on navigation, regardless of cache headers
* Treat any non-valid response as an immediate SW unregistration

We defined "valid" as HTTP 200, JS content type, & identical content or
successful install.

I like the idea of "disabling" rather than immediate unregistration.

The captive portal thing is a big problem. Say…

* I'm at an airport
* I go the Tripit site
* It loads via its serviceworker
* Browser checks for updates to SW
* It gets a 302, due to a captive portal, SW gets disabled
* I click "Show current trip" on tripit and get thrown to the captive
portal, as the SW is gone

At this point, I can't get access to my flight details unless I pay the
captive portal for access.
Received on Monday, 19 May 2014 13:02:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC