New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should foreign fetch work same-origin? #826
Comments
That's an interesting question. Fetches from that SW should definitely not go through its own foreign fetch handler, so at some point we'd need to somewhat special case same origin foreign fetch. I'm not sure about request from same origin uncontrolled pages (or even same origin but distinct service workers). I think there is pretty much three options:
I think of these options maybe 3. would be the least confusing? |
I guess it comes down to how distinctly we'd want to consider distinct apps that exist on the same origin. Eg github pages, and well, Google.com |
Ah, more joyous fallout from |
I see the point on going against this feature as if we accept it, it would be like going against the need of having two different events (as you could reimplement fetch on the top of same-origin foreign fetch). Maybe we should rethink if foreign fetch can not be simply a special case of fetch. I'm not talking at implementation level but at user level. |
I actually started out with using the same event for foreign fetch and fetch. But I think the need to deal with CORS like behavior (expose responses to explicit origins etc) is a good enough reason to have separate events, as it makes the API easier to use. And even with two separate events it's not that hard to share 99% of the code for both event handlers, and at least you have to be somewhat conscious about the fact that you're possibly exposing data cross origin. |
Then perhaps make sense to force foreign fetch to not handle same origin requests. |
Closing this issue as not handling same origin requests with foreign fetch is already what is specified (step 9 in Handle Foreign Fetch). |
If I register a SW with scope
/
, let it install, and activate, but do not refresh so my page remains uncontrolled, will a subresource request for/foo
go through the foreign fetch handler of the new worker?What if I shift-reload the page to avoid this page being controlled?
The text was updated successfully, but these errors were encountered: