New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why does CacheStorage have [SecureContext] but not Cache? #941
Comments
That does look a bit inconsistent indeed. I wonder what would be preferred though with regard to SecureContext on interfaces. For security it doesn't really matter if these interfaces have [SecureContext] or not, as the only way to get access to instances that do things is via methods that are SecureContext only. But maybe for consistency and/or feature detection it might make sense to hide all the interfaces as well? Not sure. Similarly ServiceWorker and ServiceWorkerRegistration currently don't have [SecureContext] but ServiceWorkerContainer does... |
I can see wanting So yeah, what @mkruisselbrink said. |
If the interface doesn't do anything at all without being inside a secure context, then yeah, mark it up with |
I'd personally suggest erring on the side of putting the attribute on too many things; we can always remove it later if it turned out to be overzealous. :) |
Yeah this is just an oversight I think |
The reason was exactly that. I.e., the
Are there any other such cases yet? I can do either way but would like to have some good rationale. |
You can also get them from the global. Since that doesn't enable anything useful, you should prevent exposure there with |
They can't be gotten from a non-secure context's global, either. But it seems all agreed on putting it. I'll address it in that way. |
They can, e.g., |
Ah.. didn't know it's exposed even without a constructor. |
CC: @mikewest
The global
caches
attributes have[SecureContext]
(link) which makes sense - hide the entry points except in secure contexts.But the interfaces are inconsistent. CacheStorage has
[SecureContext]
but Cache does not. This seems inconsistent.Is this just an oversight in applying a fix for #687 ?
The text was updated successfully, but these errors were encountered: