- From: Jake Archibald <jaffathecake@gmail.com>
- Date: Mon, 19 May 2014 14:02:14 +0100
- To: public-webappsec@w3.org
Received on Monday, 19 May 2014 13:02:47 UTC
This sounds very similar to where we got with HTTP serviceworkers. We had: * Revalidate SW on navigation, regardless of cache headers * Treat any non-valid response as an immediate SW unregistration We defined "valid" as HTTP 200, JS content type, & identical content or successful install. I like the idea of "disabling" rather than immediate unregistration. The captive portal thing is a big problem. Say… * I'm at an airport * I go the Tripit site * It loads via its serviceworker * Browser checks for updates to SW * It gets a 302, due to a captive portal, SW gets disabled * I click "Show current trip" on tripit and get thrown to the captive portal, as the SW is gone At this point, I can't get access to my flight details unless I pay the captive portal for access.
Received on Monday, 19 May 2014 13:02:47 UTC