W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

Re: [suborigins] Accessing workers from suborigins

From: Mitar <mmitar@gmail.com>
Date: Wed, 3 Feb 2016 15:05:12 -0800
Message-ID: <CAKLmikN5-rtg6PHLLMYfF3PvM6c_NXOE1rvJ=dCB+M6HGAKijA@mail.gmail.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

Oh, sorry. The header at the top of the draft said that feedback
should go to this list and where the issue tracker is.  Also on GitHub
it is written "Pull requests happily reviewed." All this really makes
it feel like we can already discuss it and comment on it. Maybe a
message that it is not yet open for feedback could be added to GitHub
and the draft to avoid confusion?


On Wed, Feb 3, 2016 at 1:32 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> Hi Mitar
> thanks for your interest!
> The simple reality is that the sub-origin spec is not really at a
> stage where you can review it. We are working on figuring things out,
> checking implementation in browser as well as application use cases.
> Both spec and implementation are in serious flux. I suggest holding
> off for now: once the editors feel like it is in a reasonable shape
> for a first review, we will be sharing it on this list.
> cheers
> Dev
> On 3 February 2016 at 12:14, Mitar <mmitar@gmail.com> wrote:
>> Hi!
>> So, based on the current draft (29 January 2016), web workers should
>> work from suborigins, but currently this is not yet implemented in
>> Chrome (https://code.google.com/p/chromium/issues/detail?id=580320).
>> So this is just not yet implemented? Because I saw some tests which
>> test that you cannot create a web worker at all when suborigin is in
>> effect? Is this just temporary?
>> I would also pitch in against the current text about service workers, this part:
>>> As a result of the above restriction on Workers, since a Service Worker cannot be created by a Suborigin, no Service Workers will be able to intercept the requests of a Suborigin.
>> Please do not prevent this. We currently use service worker to
>> intercept requests from suborigins and then based on a suborigin
>> decide what to do, which resources to serve and how. As currently
>> implemented in Chrome this works well, so no need to remove/prevent
>> it. :-)
>> Mitar
>> --
>> http://mitar.tnode.com/
>> https://twitter.com/mitar_m

Received on Wednesday, 3 February 2016 23:05:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC