W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Request for input on Foreign Fetch

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 28 Jan 2016 07:22:34 -0800
Message-ID: <CADnb78jjJh8kVfgYaxS68HGtOjxct3um2RZ3DEzmjrwvAtMp2Q@mail.gmail.com>
To: Ben Gidley <ben@gidley.co.uk>
Cc: Martin Thomson <martin.thomson@gmail.com>, Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>, Marijn Kruisselbrink <mek@google.com>
On Thu, Jan 28, 2016 at 3:33 AM, Ben Gidley <ben@gidley.co.uk> wrote:
> 1) How do you know who is asking for the resource - these isn't an obvious
> way to identify them. What data will be passed into the event that allows
> that? I can see it would be useful to have some caller identification.

You would use the information on the Request class.

> 2) If I've been hacked 'once' and a bad guy installs a service worker does
> this let them mess with my traffic for an extended period.

If you have been hacked that's possible either way.

Received on Thursday, 28 January 2016 15:23:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC