W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

Re: [suborigins] Accessing workers from suborigins

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Wed, 3 Feb 2016 18:42:52 -0800
Message-ID: <CAPfop_0giNH-4D04=mEwB50S17jS2yHvJ6TpuKRWEyO=B0QqUw@mail.gmail.com>
To: Mitar <mmitar@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
sounds good. Also, I misspoke: high level feedback is valued and much
appreciated. The individual mechanics and such details are in flux.
But in any case, I will clarify in the spec soon.

On 3 February 2016 at 15:05, Mitar <mmitar@gmail.com> wrote:
> Hi!
>
> Oh, sorry. The header at the top of the draft said that feedback
> should go to this list and where the issue tracker is.  Also on GitHub
> it is written "Pull requests happily reviewed." All this really makes
> it feel like we can already discuss it and comment on it. Maybe a
> message that it is not yet open for feedback could be added to GitHub
> and the draft to avoid confusion?
>
>
> Mitar
>
> On Wed, Feb 3, 2016 at 1:32 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
>> Hi Mitar
>>
>> thanks for your interest!
>>
>> The simple reality is that the sub-origin spec is not really at a
>> stage where you can review it. We are working on figuring things out,
>> checking implementation in browser as well as application use cases.
>> Both spec and implementation are in serious flux. I suggest holding
>> off for now: once the editors feel like it is in a reasonable shape
>> for a first review, we will be sharing it on this list.
>>
>> cheers
>> Dev
>>
>> On 3 February 2016 at 12:14, Mitar <mmitar@gmail.com> wrote:
>>> Hi!
>>>
>>> So, based on the current draft (29 January 2016), web workers should
>>> work from suborigins, but currently this is not yet implemented in
>>> Chrome (https://code.google.com/p/chromium/issues/detail?id=580320).
>>> So this is just not yet implemented? Because I saw some tests which
>>> test that you cannot create a web worker at all when suborigin is in
>>> effect? Is this just temporary?
>>>
>>> I would also pitch in against the current text about service workers, this part:
>>>
>>>> As a result of the above restriction on Workers, since a Service Worker cannot be created by a Suborigin, no Service Workers will be able to intercept the requests of a Suborigin.
>>>
>>> Please do not prevent this. We currently use service worker to
>>> intercept requests from suborigins and then based on a suborigin
>>> decide what to do, which resources to serve and how. As currently
>>> implemented in Chrome this works well, so no need to remove/prevent
>>> it. :-)
>>>
>>>
>>> Mitar
>>>
>>> --
>>> http://mitar.tnode.com/
>>> https://twitter.com/mitar_m
>>>
>
>
>
> --
> http://mitar.tnode.com/
> https://twitter.com/mitar_m
Received on Thursday, 4 February 2016 02:43:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC