W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

Re: [suborigins] Accessing workers from suborigins

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Wed, 3 Feb 2016 13:32:13 -0800
Message-ID: <CAPfop_2t258CiLJCbzXNcvKd2f2DAtsw_HEepugAHVUt_PS_8Q@mail.gmail.com>
To: Mitar <mmitar@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Mitar

thanks for your interest!

The simple reality is that the sub-origin spec is not really at a
stage where you can review it. We are working on figuring things out,
checking implementation in browser as well as application use cases.
Both spec and implementation are in serious flux. I suggest holding
off for now: once the editors feel like it is in a reasonable shape
for a first review, we will be sharing it on this list.

cheers
Dev

On 3 February 2016 at 12:14, Mitar <mmitar@gmail.com> wrote:
> Hi!
>
> So, based on the current draft (29 January 2016), web workers should
> work from suborigins, but currently this is not yet implemented in
> Chrome (https://code.google.com/p/chromium/issues/detail?id=580320).
> So this is just not yet implemented? Because I saw some tests which
> test that you cannot create a web worker at all when suborigin is in
> effect? Is this just temporary?
>
> I would also pitch in against the current text about service workers, this part:
>
>> As a result of the above restriction on Workers, since a Service Worker cannot be created by a Suborigin, no Service Workers will be able to intercept the requests of a Suborigin.
>
> Please do not prevent this. We currently use service worker to
> intercept requests from suborigins and then based on a suborigin
> decide what to do, which resources to serve and how. As currently
> implemented in Chrome this works well, so no need to remove/prevent
> it. :-)
>
>
> Mitar
>
> --
> http://mitar.tnode.com/
> https://twitter.com/mitar_m
>
Received on Wednesday, 3 February 2016 21:33:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC