index.html

<!doctype html><html lang="en">
 <head>
  <meta http-equiv="refresh" content="0; url=https://w3c.github.io/webappsec-secure-contexts/">
  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  <title>Secure Contexts</title>
  <link href="../default.css" rel="stylesheet" type="text/css">
<style>
  body {
    background: url("https://www.w3.org/StyleSheets/TR/logo-ED") top left no-repeat white;
    background-attachment: fixed;
    color: black;
    font-family: sans-serif;
    margin: 0 auto;
    max-width: 50em;
    padding: 2em 1em 2em 70px;
  }
  :link { color: #00C; background: transparent }
  :visited { color: #609; background: transparent }
  a[href]:active { color: #C00; background: transparent }
  a[href]:hover { background: #ffa }

  a[href] img { border-style: none }

  h1, h2, h3, h4, h5, h6 { text-align: left }
  h1, h2, h3 { color: #005A9C; }
  h1 { font: 170% sans-serif }
  h2 { font: 140% sans-serif }
  h3 { font: 120% sans-serif }
  h4 { font: bold 100% sans-serif }
  h5 { font: italic 100% sans-serif }
  h6 { font: small-caps 100% sans-serif }

  .hide { display: none }

  div.head { margin-bottom: 1em }
  div.head h1 { margin-top: 2em; clear: both }
  div.head table { margin-left: 2em; margin-top: 2em }

  p.copyright { font-size: small }
  p.copyright small { font-size: small }

  pre { margin-left: 2em }
  dt { font-weight: bold }

  ul.toc, ol.toc {
    list-style: none;
  }
  </style>
  <meta content="Bikeshed 1.0.0" name="generator">
<style>
    .secure {
      fill: #8F8;
    }
    .non-secure {
      fill: #F88;
    }
    rect, circle {
      stroke-width: 2;
      stroke: black;
      fill-opacity: 0.75;
    }
    text {
      font-family: monospace;
    }
    text.rejection {
      fill: #F00;
      font-weight: 700;
      font-size: 2em;
    }
    g path {
      stroke-width: 2px;
      stroke: #666;
      fill-opacity: 0;
      stroke-dasharray: 5px, 5px;
    }
  </style>
 </head>
 <body class="h-entry">
  <div class="head">
   <p data-fill-with="logo"><a class="logo" href="http://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/Icons/w3c_home" width="72"> </a> </p>
   <h1 class="p-name no-ref" id="title">Secure Contexts</h1>
   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2015-09-25">25 September 2015</time></span></h2>
   <div data-fill-with="spec-metadata">
    <dl>
     <dt>This version:
     <dd><a class="u-url" href="https://w3c.github.io/webappsec/specs/powerfulfeatures/">https://w3c.github.io/webappsec/specs/powerfulfeatures/</a>
     <dt>Latest version:
     <dd><a href="http://www.w3.org/TR/powerful-features/">http://www.w3.org/TR/powerful-features/</a>
     <dt>Previous Versions:
     <dd><a href="http://www.w3.org/TR/2014/WD-powerful-features-20141204/" rel="previous">http://www.w3.org/TR/2014/WD-powerful-features-20141204/</a>
     <dt>Version History:
     <dd><a href="https://github.com/w3c/webappsec/commits/master/specs/powerfulfeatures/index.src.html">https://github.com/w3c/webappsec/commits/master/specs/powerfulfeatures/index.src.html</a>
     <dt>Feedback:
     <dd><span><a href="mailto:public-webappsec@w3.org?subject=%5Bpowerful-features%5D%20YOUR%20TOPIC%20HERE">public-webappsec@w3.org</a> with subject line “<kbd>[powerful-features] <var>… message topic …</var></kbd>” (<a href="http://lists.w3.org/Archives/Public/public-webappsec/" rel="discussion">archives</a>)</span>
     <dt class="editor">Editors:
     <dd class="editor p-author h-card vcard" data-editor-id="56384"><a class="p-name fn u-email email" href="mailto:mkwst@google.com">Mike West</a> (<span class="p-org org">Google Inc.</span>)
     <dd class="editor p-author h-card vcard" data-editor-id="75060"><a class="p-name fn u-email email" href="mailto:yzhu@yahoo-inc.com">Yan Zhu</a> (<span class="p-org org">Yahoo! Inc.</span>)
     <dt>Participate:
     <dd><span><a href="https://github.com/w3c/webappsec/issues/new?title=SECURE:%20">File an issue</a> (<a href="https://github.com/w3c/webappsec/labels/SECURE">open issues</a>)</span>
    </dl>
   </div>
   <div data-fill-with="warning"></div>
   <p class="copyright" data-fill-with="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2015 <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>, <a href="http://ev.buaa.edu.cn/">Beihang</a>). W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply. </p>
   <hr title="Separator for header">
  </div>
  <h2 class="no-num no-toc no-ref heading settled" id="abstract"><span class="content">Abstract</span></h2>
  <div class="p-summary" data-fill-with="abstract">
   <p>This specification defines "secure contexts", thereby allowing user agent

implementers and specification authors to enable certain features only when
certain minimum standards of authentication and confidentiality are met.</p>
  </div>
  <h2 class="no-num no-toc no-ref heading settled" id="status"><span class="content">Status of this document</span></h2>
  <div data-fill-with="status">
   <p> This is a public copy of the editors’ draft.
	It is provided for discussion only and may change at any moment.
	Its publication here does not imply endorsement of its contents by W3C.
	Don’t cite this document other than as work in progress. </p>
   <p> <strong>Changes to this document may be tracked at <a href="https://github.com/w3c/webappsec">https://github.com/w3c/webappsec</a>.</strong> </p>
   <p> The (<a href="http://lists.w3.org/Archives/Public/public-webappsec/">archived</a>) public mailing list <a href="mailto:public-webappsec@w3.org?Subject=%5Bpowerful-features%5D%20PUT%20SUBJECT%20HERE">public-webappsec@w3.org</a> (see <a href="http://www.w3.org/Mail/Request">instructions</a>)
	is preferred for discussion of this specification.
	When sending e-mail,
	please put the text “powerful-features” in the subject,
	preferably like this:
	“[powerful-features] <em>…summary of comment…</em>” </p>
   <p> This document was produced by the <a href="http://www.w3.org/2011/webappsec/">Web Application Security Working Group</a>. </p>
   <p> This document was produced by a group operating under
	the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>.
	W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/49309/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the deliverables of the group;
	that page also includes instructions for disclosing a patent.
	An individual who has actual knowledge of a patent which the individual believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the W3C Patent Policy</a>. </p>
   <p> This document is governed by the <a href="http://www.w3.org/2015/Process-20150901/" id="w3c_process_revision">1 September 2015 W3C Process Document</a>. </p>
   <p></p>
  </div>
  <div data-fill-with="at-risk"></div>
  <h2 class="no-num no-toc no-ref heading settled" id="contents"><span class="content">Table of Contents</span></h2>
  <div data-fill-with="table-of-contents" role="navigation">
   <ul class="toc" role="directory">
    <li>
     <a href="#intro"><span class="secno">1</span> <span class="content">Introduction</span></a>
     <ul class="toc">
      <li>
       <a href="#examples"><span class="secno">1.1</span> <span class="content">Examples</span></a>
       <ul class="toc">
        <li><a href="#examples-top-level"><span class="secno">1.1.1</span> <span class="content">Top-level Documents</span></a>
        <li><a href="#examples-framed"><span class="secno">1.1.2</span> <span class="content">Framed Documents</span></a>
        <li><a href="#examples-workers"><span class="secno">1.1.3</span> <span class="content">Web Workers</span></a>
        <li><a href="#examples-shared-workers"><span class="secno">1.1.4</span> <span class="content">Shared Workers</span></a>
        <li><a href="#examples-service-workers"><span class="secno">1.1.5</span> <span class="content">Service Workers</span></a>
       </ul>
     </ul>
    <li>
     <a href="#framework"><span class="secno">2</span> <span class="content">Framework</span></a>
     <ul class="toc">
      <li>
       <a href="#monkey-patching"><span class="secno">2.1</span> <span class="content">Modifications to HTML</span></a>
       <ul class="toc">
        <li><a href="#monkey-patching-shared-workers"><span class="secno">2.1.1</span> <span class="content">Shared Workers</span></a>
        <li><a href="#monkey-patching-global-object"><span class="secno">2.1.2</span> <span class="content">Feature Detection</span></a>
       </ul>
     </ul>
    <li>
     <a href="#algorithms"><span class="secno">3</span> <span class="content">Algorithms</span></a>
     <ul class="toc">
      <li><a href="#settings-object"><span class="secno">3.1</span> <span class="content"> Is <var>settings object</var> a secure context? </span></a>
      <li><a href="#is-origin-trustworthy"><span class="secno">3.2</span> <span class="content"> Is <var>origin</var> potentially trustworthy? </span></a>
      <li><a href="#gather-ancestors"><span class="secno">3.3</span> <span class="content"> Gather <var>document</var>’s relevant ancestors </span></a>
     </ul>
    <li>
     <a href="#threat-models-risks"><span class="secno">4</span> <span class="content"> Threat models and risks </span></a>
     <ul class="toc">
      <li>
       <a href="#threat-models"><span class="secno">4.1</span> <span class="content">Threat Models</span></a>
       <ul class="toc">
        <li><a href="#threat-passive"><span class="secno">4.1.1</span> <span class="content">Passive Network Attacker</span></a>
        <li><a href="#threat-active"><span class="secno">4.1.2</span> <span class="content">Active Network Attacker</span></a>
       </ul>
      <li><a href="#threat-risks"><span class="secno">4.2</span> <span class="content">Risks associated with non-secure contexts</span></a>
     </ul>
    <li>
     <a href="#security-considerations"><span class="secno">5</span> <span class="content">Security Considerations</span></a>
     <ul class="toc">
      <li><a href="#isolation"><span class="secno">5.1</span> <span class="content">Incomplete Isolation</span></a>
     </ul>
    <li>
     <a href="#implementation-considerations"><span class="secno">6</span> <span class="content">Implementation Considerations</span></a>
     <ul class="toc">
      <li><a href="#packaged-applications"><span class="secno">6.1</span> <span class="content">Packaged Applications</span></a>
      <li><a href="#development-environments"><span class="secno">6.2</span> <span class="content">Development Environments</span></a>
      <li><a href="#new"><span class="secno">6.3</span> <span class="content">Restricting New Features</span></a>
      <li>
       <a href="#legacy"><span class="secno">6.4</span> <span class="content">Restricting Legacy Features</span></a>
       <ul class="toc">
        <li><a href="#legacy-example"><span class="secno">6.4.1</span> <span class="content">Example: Geolocation</span></a>
       </ul>
     </ul>
    <li><a href="#acknowledgements"><span class="secno">7</span> <span class="content">Acknowledgements</span></a>
    <li>
     <a href="#conformance"><span class="secno"></span> <span class="content">Conformance</span></a>
     <ul class="toc">
      <li><a href="#conventions"><span class="secno"></span> <span class="content">Document conventions</span></a>
      <li><a href="#conformant-algorithms"><span class="secno"></span> <span class="content">Conformant Algorithms</span></a>
     </ul>
    <li>
     <a href="#index"><span class="secno"></span> <span class="content">Index</span></a>
     <ul class="toc">
      <li><a href="#index-defined-here"><span class="secno"></span> <span class="content">Terms defined by this specification</span></a>
      <li><a href="#index-defined-elsewhere"><span class="secno"></span> <span class="content">Terms defined by reference</span></a>
     </ul>
    <li>
     <a href="#references"><span class="secno"></span> <span class="content">References</span></a>
     <ul class="toc">
      <li><a href="#normative"><span class="secno"></span> <span class="content">Normative References</span></a>
      <li><a href="#informative"><span class="secno"></span> <span class="content">Informative References</span></a>
     </ul>
    <li><a href="#idl-index"><span class="secno"></span> <span class="content">IDL Index</span></a>
   </ul>
  </div>
  <main>
   <section>
    <h2 class="heading settled" data-level="1" id="intro"><span class="secno">1. </span><span class="content">Introduction</span><a class="self-link" href="#intro"></a></h2>
    <p><em>This section is not normative.</em></p>
    <p>As the Web platform is extended to enable more useful and powerful
  applications, it becomes increasingly important to ensure that the features
  which enable those applications are enabled only in contexts which meet a minimum
  security bar. This document outlines threat models for feature abuse on the Web
  and outline normative requirements which should be incorporated into documents
  specifying new features.</p>
    <p>The most obvious of the requirements discussed here is that application code
  with access to sensitive or private data be delivered over authenticated and
  confidential channels that guarantee data integrity. Delivering code securely
  cannot ensure that an application will always meet a user’s security and
  privacy requirements, but it is a necessary precondition.</p>
    <h3 class="heading settled" data-level="1.1" id="examples"><span class="secno">1.1. </span><span class="content">Examples</span><a class="self-link" href="#examples"></a></h3>
    <h4 class="heading settled" data-level="1.1.1" id="examples-top-level"><span class="secno">1.1.1. </span><span class="content">Top-level Documents</span><a class="self-link" href="#examples-top-level"></a></h4>
    <p>Top-level documents are secure on their own merits:</p>
    <div class="example" id="example-f9c0bcaa">
     <a class="self-link" href="#example-f9c0bcaa"></a> 
     <p><code>https://example.com/</code> opened in a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level browsing
    context</a> is a <a data-link-type="dfn" href="#secure-context">secure context</a>, as it was delivered over
    an authenticated and encrypted channel.</p>
     <svg height="200" width="400">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="297" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
      </g>
     </svg>
    </div>
    <div class="example" id="example-385f5648">
     <a class="self-link" href="#example-385f5648"></a> 
     <p><code>http://non-secure.example.com/</code> opened in a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level
    browsing context</a> pops open a new window containing <code>https://example.com/</code>. The former is not a <a data-link-type="dfn" href="#secure-context">secure
    context</a>; the latter is a <a data-link-type="dfn" href="#secure-context">secure context</a>, because it is a new
    top-level browsing context delivered over an authenticated and encrypted
    channel.</p>
     <svg height="400" width="400">
      <g transform="translate(10,10)">
       <rect class="non-secure" height="175" width="297" x="0" y="0"></rect>
       <text transform="translate(10, 20)">http://non-secure.example.com/</text>
      </g>
      <g transform="translate(10,210)">
       <rect class="secure" height="175" width="297" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
      </g>
      <g>
       <path d="M150, 87 C 200 75, 350 75, 150 287"></path>
      </g>
     </svg>
    </div>
    <h4 class="heading settled" data-level="1.1.2" id="examples-framed"><span class="secno">1.1.2. </span><span class="content">Framed Documents</span><a class="self-link" href="#examples-framed"></a></h4>
    <p>Framed documents can be <a data-link-type="dfn" href="#secure-context">secure contexts</a> if they are delivered from <a data-link-type="dfn" href="#potentially-trustworthy-origin">potentially trustworthy origins</a>, <em>and</em> if they’re embedded
  in a <a data-link-type="dfn" href="#secure-context">secure context</a>. That is:</p>
    <div class="example" id="example-0e744dfe">
     <a class="self-link" href="#example-0e744dfe"></a> 
     <p> if <code>https://example.com/</code> opened in a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level browsing
    context</a> opens <code>https://sub.example.com/</code> in a frame, then
    both are <a data-link-type="dfn" href="#secure-context">secure contexts</a>, as both were delivered over
    authenticated and encrypted channels.</p>
     <svg height="200" width="400">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g transform="translate(20, 50)">
        <rect class="secure" height="105" width="250" x="0" y="0"></rect>
        <text transform="translate(10, 20)">https://sub.example.com/</text>
       </g>
      </g>
     </svg>
    </div>
    <div class="example" id="example-90fe8723">
     <a class="self-link" href="#example-90fe8723"></a> 
     <p>If <code>https://example.com/</code> was somehow able to frame <code>http://non-secure.example.com/</code> (perhaps the user has
    overridden mixed content checking?), the top-level frame would remain
    secure, but the framed content is not a secure context.</p>
     <svg height="200" width="400">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g transform="translate(20, 50)">
        <rect class="non-secure" height="105" width="250" x="0" y="0"></rect>
        <text transform="translate(10, 20)">http://non-secure.example.com/</text>
       </g>
      </g>
     </svg>
    </div>
    <div class="example" id="example-c52936fc">
     <a class="self-link" href="#example-c52936fc"></a> 
     <p>If, on the other hand, <code>https://example.com/</code> is framed
    inside of <code>http://non-secure.example.com/</code>, then it is <em>not</em> a secure context, as its ancestor is not delivered over an
    authenticated and encrypted channel.</p>
     <svg height="200" width="400">
      <g transform="translate(10,10)">
       <rect class="non-secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">http://non-secure.example.com/</text>
       <g transform="translate(20, 50)">
        <rect class="non-secure" height="105" width="250" x="0" y="0"></rect>
        <text transform="translate(10, 20)">https://example.com/</text>
       </g>
      </g>
     </svg>
    </div>
    <h4 class="heading settled" data-level="1.1.3" id="examples-workers"><span class="secno">1.1.3. </span><span class="content">Web Workers</span><a class="self-link" href="#examples-workers"></a></h4>
    <p>Dedicated Web Workers are similar in nature to framed documents. They’re <a data-link-type="dfn" href="#secure-context">secure contexts</a> when they’re delivered from <a data-link-type="dfn" href="#potentially-trustworthy-origin">potentially
  trustworthy origins</a>, and when their owner is itself a <a data-link-type="dfn" href="#secure-context">secure
  context</a>:</p>
    <div class="example" id="example-512dd4fd">
     <a class="self-link" href="#example-512dd4fd"></a> 
     <p>If <code>https://example.com/</code> in a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level browsing
    context</a> runs <code>https://example.com/worker.js</code>, then
    both the document and the worker are <a data-link-type="dfn" href="#secure-context">secure contexts</a>.</p>
     <svg height="200" width="600">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g transform="translate(400, 110)">
        <circle class="secure" r="50"></circle>
        <text transform="translate(-75, -55)">https://example.com/worker.js</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 110"></path>
       </g>
      </g>
     </svg>
    </div>
    <div class="example" id="example-453513c5">
     <a class="self-link" href="#example-453513c5"></a> 
     <p>If <code>http://non-secure.example.com/</code> in a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level browsing
    context</a> frames <code>https://example.com/</code>, which runs <code>https://example.com/worker.js</code>, then neither the framed document
    nor the worker are <a data-link-type="dfn" href="#secure-context">secure contexts</a>.</p>
     <svg height="200" width="600">
      <g transform="translate(10,10)">
       <rect class="non-secure" height="175" width="297" x="0" y="0"></rect>
       <text transform="translate(10, 20)">http://non-secure.example.com/</text>
       <g transform="translate(20, 50)">
        <rect class="non-secure" height="105" width="250" x="0" y="0"></rect>
        <text transform="translate(10, 20)">https://example.com/</text>
       </g>
       <g transform="translate(400, 110)">
        <circle class="non-secure" r="50"></circle>
        <text transform="translate(-75, -55)">https://example.com/worker.js</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 110"></path>
       </g>
      </g>
     </svg>
    </div>
    <h4 class="heading settled" data-level="1.1.4" id="examples-shared-workers"><span class="secno">1.1.4. </span><span class="content">Shared Workers</span><a class="self-link" href="#examples-shared-workers"></a></h4>
    <p>Multiple contexts may attach to a Shared Worker. If a <a data-link-type="dfn" href="#secure-context">secure context</a> creates a Shared Worker, then it is a <a data-link-type="dfn" href="#secure-context">secure context</a>, and may only be
  attached to by other <a data-link-type="dfn" href="#secure-context">secure contexts</a>. If an non-secure context creates
  a Shared Worker, then it is <em>not</em> a <a data-link-type="dfn" href="#secure-context">secure context</a>, and may only
  be attached to by other non-secure contexts.</p>
    <div class="example" id="example-7e3c52b5">
     <a class="self-link" href="#example-7e3c52b5"></a> 
     <p>If <code>https://example.com/</code> in a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level browsing
    context</a> runs <code>https://example.com/worker.js</code> as a Shared
    Worker, then both the document and the worker are considered secure
    contexts.</p>
     <svg height="200" width="600">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g transform="translate(400, 110)">
        <circle class="secure" r="50"></circle>
        <text transform="translate(-75, -55)">https://example.com/worker.js</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 110"></path>
       </g>
      </g>
     </svg>
    </div>
    <div class="example" id="example-34d1a1ea">
     <a class="self-link" href="#example-34d1a1ea"></a> 
     <p>If <code>https://example.com/</code> in a different <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level
    browsing context</a> (e.g. in a new window) is a secure context, so it may
    access the secure shared worker:</p>
     <svg height="400" width="600">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g transform="translate(400, 110)">
        <circle class="secure" r="50"></circle>
        <text transform="translate(-75, -55)">https://example.com/worker.js</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 110"></path>
       </g>
      </g>
      <g transform="translate(10,200)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 -80"></path>
       </g>
      </g>
     </svg>
    </div>
    <div class="example" id="example-2829bc67">
     <a class="self-link" href="#example-2829bc67"></a> 
     <p><code>https://example.com/</code> nested in <code>http://non-secure.example.com/</code> may not connect to the secure
    worker, as it is not a secure context.</p>
     <svg height="400" width="600">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g transform="translate(400, 110)">
        <circle class="secure" r="50"></circle>
        <text transform="translate(-75, -55)">https://example.com/worker.js</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 110"></path>
       </g>
      </g>
      <g transform="translate(10,200)">
       <rect class="non-secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">http://non-secure.example.com/</text>
       <g transform="translate(20, 50)">
        <rect class="non-secure" height="105" width="250" x="0" y="0"></rect>
        <text transform="translate(10, 20)">https://example.com/</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 20"></path>
        <text class="rejection" transform="translate(405, 20)">X</text>
       </g>
      </g>
     </svg>
    </div>
    <div class="example" id="example-a7414e08">
     <a class="self-link" href="#example-a7414e08"></a> 
     <p>Likewise, if <code>https://example.com/</code> nested in <code>http://non-secure.example.com/</code> runs <code>https://example.com/worker.js</code> as a Shared
    Worker, then both the document and the worker are considered non-secure.</p>
     <svg height="400" width="600">
      <g transform="translate(10,10)">
       <rect class="non-secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">http://non-secure.example.com/</text>
       <g transform="translate(20, 50)">
        <rect class="non-secure" height="105" width="250" x="0" y="0"></rect>
        <text transform="translate(10, 20)">https://example.com/</text>
       </g>
       <g transform="translate(400, 110)">
        <circle class="non-secure" r="50"></circle>
        <text transform="translate(-75, -55)">https://example.com/worker.js</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 110"></path>
       </g>
      </g>
      <g transform="translate(10,200)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 20"></path>
        <text class="rejection" transform="translate(405, 20)">X</text>
       </g>
      </g>
     </svg>
    </div>
    <h4 class="heading settled" data-level="1.1.5" id="examples-service-workers"><span class="secno">1.1.5. </span><span class="content">Service Workers</span><a class="self-link" href="#examples-service-workers"></a></h4>
    <p>Service Workers are always <a data-link-type="dfn" href="#secure-context">secure contexts</a>. Only <a data-link-type="dfn" href="#secure-context">secure contexts</a> may register them, and they may only have clients which are <a data-link-type="dfn" href="#secure-context">secure
  contexts</a>.</p>
    <div class="example" id="example-58019791">
     <a class="self-link" href="#example-58019791"></a> 
     <p>If <code>https://example.com/</code> in a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level browsing
    context</a> registers <code>https://example.com/service.js</code>,
    then both the document and the Service Worker are considered secure
    contexts.</p>
     <svg height="200" width="600">
      <g transform="translate(10,10)">
       <rect class="secure" height="175" width="300" x="0" y="0"></rect>
       <text transform="translate(10, 20)">https://example.com/</text>
       <g transform="translate(400, 110)">
        <circle class="secure" r="50"></circle>
        <text transform="translate(-75, -55)">https://example.com/service.js</text>
       </g>
       <g>
        <path d="M150, 87 C 200 75, 350 75, 405 110"></path>
       </g>
      </g>
     </svg>
    </div>
   </section>
   <section>
    <h2 class="heading settled" data-level="2" id="framework"><span class="secno">2. </span><span class="content">Framework</span><a class="self-link" href="#framework"></a></h2>
    <p>A <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#settings-object">settings object</a> is considered a <dfn data-dfn-type="dfn" data-export="" id="secure-context">secure context<a class="self-link" href="#secure-context"></a></dfn> if
  the algorithm in <a href="#settings-object">§3.1 Is settings object a secure context?</a> returns "<code>Secure</code>". The <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#settings-object">settings
  object</a> is otherwise <dfn data-dfn-type="dfn" data-export="" data-lt="non-secure context" id="non-secure-context">non-secure<a class="self-link" href="#non-secure-context"></a></dfn>.</p>
    <h3 class="heading settled" data-level="2.1" id="monkey-patching"><span class="secno">2.1. </span><span class="content">Modifications to HTML</span><a class="self-link" href="#monkey-patching"></a></h3>
    <h4 class="heading settled" data-level="2.1.1" id="monkey-patching-shared-workers"><span class="secno">2.1.1. </span><span class="content">Shared Workers</span><a class="self-link" href="#monkey-patching-shared-workers"></a></h4>
    <p>The <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#dom-sharedworker">SharedWorker()</a></code> constructor will throw a <code>SecurtyError</code> exception if
  a if a <a data-link-type="dfn" href="#secure-context">secure context</a> attempts to attach to an Worker which is not a <a data-link-type="dfn" href="#secure-context">secure context</a>, and if an non-secure context attempts to attach to a
  Worker which is a <a data-link-type="dfn" href="#secure-context">secure context</a>. The constructor is modified as
  follows:</p>
    <ol>
     <li data-md="">
      <p>As the first substep of the <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#dom-sharedworker">SharedWorker()</a></code> constructor’s current step
  7.7 ("If <var>worker global scope</var> is not <code>null</code>, then run these
  steps:"), run the following step:</p>
      <ol>
       <li data-md="">
        <p>If the result of executing <a href="#settings-object">§3.1 Is settings object a secure context?</a> on the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent
  settings object</a> does not match the result of executing the same
  algorithm on <var>worker global scope</var>’s <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#relevant-settings-object-for-a-global-object">relevant settings
  object</a>, then throw a <code>SecurityError</code> exception, and abort
  the remaining steps.</p>
      </ol>
    </ol>
    <h4 class="heading settled" data-level="2.1.2" id="monkey-patching-global-object"><span class="secno">2.1.2. </span><span class="content">Feature Detection</span><a class="self-link" href="#monkey-patching-global-object"></a></h4>
    <p>To determine whether a context is capable of making use of features which
  require <a data-link-type="dfn" href="#secure-context">secure contexts</a>, a simple boolean attribute is added to the
  global object:</p>
<pre class="idl">partial interface <a class="idl-code" data-link-type="interface" href="http://www.w3.org/TR/dom/#interface-window">Window</a> {
  readonly attribute boolean <dfn class="idl-code" data-dfn-for="Window" data-dfn-type="attribute" data-export="" data-readonly="" data-type="boolean " id="dom-window-issecurecontext">isSecureContext<a class="self-link" href="#dom-window-issecurecontext"></a></dfn>;
};

partial interface <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/workers.html#workerglobalscope">WorkerGlobalScope</a> {
  readonly attribute boolean <dfn class="idl-code" data-dfn-for="WorkerGlobalScope" data-dfn-type="attribute" data-export="" data-readonly="" data-type="boolean " id="dom-workerglobalscope-issecurecontext">isSecureContext<a class="self-link" href="#dom-workerglobalscope-issecurecontext"></a></dfn>;
};
</pre>
    <p>Both <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/dom/#interface-window">Window</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-window-issecurecontext">isSecureContext</a></code> and <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#workerglobalscope">WorkerGlobalScope</a></code>'s <code class="idl"><a data-link-type="idl" href="#dom-workerglobalscope-issecurecontext">isSecureContext</a></code> attribute’s getters return <code>true</code> if the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#relevant-settings-object-for-a-global-object">relevant settings object</a> for the getter’s <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#global-object">global object</a> is a <a data-link-type="dfn" href="#secure-context">secure context</a>, and <code>false</code> otherwise.</p>
   </section>
   <section>
    <h2 class="heading settled" data-level="3" id="algorithms"><span class="secno">3. </span><span class="content">Algorithms</span><a class="self-link" href="#algorithms"></a></h2>
    <h3 class="heading settled" data-level="3.1" id="settings-object"><span class="secno">3.1. </span><span class="content"> Is <var>settings object</var> a secure context? </span><a class="self-link" href="#settings-object"></a></h3>
    <p>Given a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#settings-object">settings object</a> (<var>settings</var>), this algorithm returns
  "<code>Secure</code>" if the object represents a context which the user agent fetched via
  a secure channel, and "<code>Not Secure</code>" otherwise.</p>
    <ol>
     <li data-md="">
      <p>Let <var>ancestors</var> be a list containing <var>settings</var>.</p>
     <li data-md="">
      <p>If <var>settings</var>' <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#global-object">global object</a> is a <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#workerglobalscope">WorkerGlobalScope</a></code>,
  then:</p>
      <ol>
       <li data-md="">
        <p>For each <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/dom/#interface-document">Document</a></code> (<var>document</var>) in <var>settings</var>' <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#global-object">global object</a>’s list of <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#the-workers-documents">the worker’s <code>Documents</code></a>:</p>
        <ol>
         <li data-md="">
          <p>Add each item in the result of executing <a href="#gather-ancestors">§3.3 Gather document’s relevant ancestors</a> on <var>document</var> to <var>ancestors</var>.</p>
        </ol>
      </ol>
     <li data-md="">
      <p>Otherwise, <var>settings</var>' <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#global-object">global object</a> is a <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/dom/#interface-window">Window</a></code>, so:</p>
      <ol>
       <li data-md="">
        <p>Add each item in the result of executing <a href="#gather-ancestors">§3.3 Gather document’s relevant ancestors</a> on <var>settings</var>' <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#responsible-document">responsible document</a> to <var>ancestors</var>.</p>
      </ol>
     <li data-md="">
      <p>For each <var>ancestor settings</var> in <var>ancestors</var>:</p>
      <ol>
       <li data-md="">
        <p>If <var>ancestor settings</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#https-state">HTTPS state</a> is "<code>modern</code>",
  skip to the next <var>ancestor settings</var>.</p>
       <li data-md="">
        <p>Let <var>origin</var> be <var>ancestor settings</var>' <a data-link-type="dfn" href="https://tools.ietf.org/html/rfc6454#section-3.2">origin</a>.</p>
       <li data-md="">
        <p>If <var>origin</var> is a <a data-link-type="dfn" href="https://tools.ietf.org/html/rfc6454#section-2.3">globally unique identifier</a>, set <var>origin</var> to the <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-origin">origin</a> of <var>settings</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#creation-url">creation URL</a>.</p>
        <p class="note" role="note">Note: We use the origin of the URL here in order to allow sandboxed
  context to remain secure (as sandboxing is a strict reduction in the
  context’s capabilities, and therefore to the risk it poses). This
  covers scenarios such as <code>&lt;iframe sandbox src="http://localhost/"></code>.</p>
       <li data-md="">
        <p>If the result of executing the <a href="#is-origin-trustworthy">§3.2 Is origin potentially trustworthy?</a> algorithm
  on <var>origin</var> is <strong>not</strong> <code>Potentially Trustworthy</code>, then return "<code>Not Secure</code>".</p>
      </ol>
     <li data-md="">
      <p>Return "<code>Secure</code>".</p>
    </ol>
    <h3 class="heading settled" data-level="3.2" id="is-origin-trustworthy"><span class="secno">3.2. </span><span class="content"> Is <var>origin</var> potentially trustworthy? </span><a class="self-link" href="#is-origin-trustworthy"></a></h3>
    <p>A <dfn data-dfn-type="dfn" data-export="" id="potentially-trustworthy-origin">potentially trustworthy origin<a class="self-link" href="#potentially-trustworthy-origin"></a></dfn> is one which a user agent
  can generally trust as delivering data securely.</p>
    <p>Certain origins are always potentially trustworthy. In particular, user agents
  MUST treat <code>file</code> URLs and URLs with hostnames names equivalent to <code>localhost</code> as potentially trustworthy. In principle the user agent could
  treat local files and local web servers as untrustworthy, but, <em>given the
  information that is available to the user agent at runtime</em>, the resources
  appear to have been transported securely. Additionally, treating such
  resources as potentially trustworthy is convenient for developers building an
  application before deploying it to the public.</p>
    <p>A user agent MAY choose to extend this trust to other, vendor-specific URL
  schemes like <code>app:</code> or <code>chrome-extension:</code>.</p>
    <p>Given an <a data-link-type="dfn" href="https://tools.ietf.org/html/rfc6454#section-3.2">origin</a> <var>origin</var>, the following algorithm returns <code>Potentially Trustworthy</code> or <code>Not Trustworthy</code> as
  appropriate.</p>
    <ol>
     <li data-md="">
      <p>If <var>origin</var> is a <a data-link-type="dfn" href="https://w3c.github.io/webappsec/specs/mixedcontent/#potentially-secure-origin">potentially secure origin</a>, return <code>Potentially Trustworthy</code>.</p>
      <p class="note" role="note">Note: The origin of <code>blob:</code> and <code>filesystem:</code> URLs
  is the origin of the context in which they were created. Therefore,
  blobs created in an potentially secure origin will themselves be
  potentially secure. The origin of <code>data:</code> and <code>javascript:</code> URLs is an opaque identifier, which will not
  be considered potentially secure.</p>
     <li data-md="">
      <p>If <var>origin</var>’s <code>host</code> component is or falls within <code>localhost.</code> <a data-link-type="biblio" href="#biblio-rfc6761">[RFC6761]</a>, return <code>Potentially
  Trustworthy</code>.</p>
     <li data-md="">
      <p>If <var>origin</var>’s <code>host</code> component matches one of
  the CIDR notations <code>127.0.0.0/8</code> or <code>::1/128</code> <a data-link-type="biblio" href="#biblio-rfc4632">[RFC4632]</a>, return <code>Potentially Trustworthy</code>.</p>
     <li data-md="">
      <p>If <var>origin</var>’s <code>scheme</code> component is <code>file</code>, return <code>Potentially Trustworthy</code>.</p>
     <li data-md="">
      <p>If <var>origin</var>’s <code>scheme</code> component is one which
  the user agent considers to be authenticated, return <code>Potentially Trustworthy</code>.</p>
      <p class="note" role="note">Note: See <a href="#packaged-applications">§6.1 Packaged Applications</a> for detail here.</p>
     <li data-md="">
      <p>If <var>origin</var> has been configured as a trustworthy origin,
  return <code>Potentially Trustworthy</code>.</p>
      <p class="note" role="note">Note: See <a href="#development-environments">§6.2 Development Environments</a> for detail here.</p>
     <li data-md="">
      <p>Return <code>Not Trusted</code>.</p>
    </ol>
    <h3 class="heading settled" data-level="3.3" id="gather-ancestors"><span class="secno">3.3. </span><span class="content"> Gather <var>document</var>’s relevant ancestors </span><a class="self-link" href="#gather-ancestors"></a></h3>
    <p>Given a <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/dom/#interface-document">Document</a></code> (<var>document</var>), this algorithm returns a list of <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#settings-object">settings objects</a> which ought to be considered when determining whether
  or not <var>document</var> is a <a data-link-type="dfn" href="#secure-context">secure context</a>.</p>
    <ol>
     <li data-md="">
      <p>Let <var>ancestors</var> be a list containing <var>document</var>’s <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#relevant-settings-object-for-a-global-object">relevant settings object</a>.</p>
     <li data-md="">
      <p>While <var>document</var> has a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#creator-document">creator <code>Document</code></a> <var>creator</var>:</p>
      <ol>
       <li data-md="">
        <p>If <var>creator</var>’s <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#browsing-context">browsing context</a> is an <a data-link-type="dfn" href="http://www.w3.org/TR/html5/browsers.html#ancestor-browsing-context">ancestor
  browsing context</a> of <var>document</var>:</p>
        <ol>
         <li data-md="">
          <p>Insert <var>creator</var>’s <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#relevant-settings-object-for-a-global-object">relevant settings object</a> into <var>ancestors</var>, unless <var>creator</var> is <a data-link-type="dfn" href="http://www.w3.org/TR/html5/embedded-content-0.html#an-iframe-srcdoc-document">an IFrame <code>srcdoc</code> <code>Document</code></a>.</p>
         <li data-md="">
          <p>Let <var>document</var> be <var>creator</var>.</p>
        </ol>
       <li data-md="">
        <p>Otherwise, exit this loop.</p>
      </ol>
     <li data-md="">
      <p>Return <var>ancestors</var>.</p>
    </ol>
    <p class="note" role="note">Note: When gathering a <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/dom/#interface-document">Document</a></code>'s ancestors, we walk the browsing context
  creation document chain, but stop when that chain spans across more than one <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/dom/#interface-window">Window</a></code>. That is, a newly opened window is evaluated on its own merits,
  without regard for the status of the opener.</p>
   </section>
   <section>
    <h2 class="heading settled" data-level="4" id="threat-models-risks"><span class="secno">4. </span><span class="content"> Threat models and risks </span><a class="self-link" href="#threat-models-risks"></a></h2>
    <p><em>This section is non-normative.</em></p>
    <h3 class="heading settled" data-level="4.1" id="threat-models"><span class="secno">4.1. </span><span class="content">Threat Models</span><a class="self-link" href="#threat-models"></a></h3>
    <p>Granting permissions to unauthenticated origins is, in the presence of a
  network attacker, equivalent to granting the permissions to any origin. The
  state of the Internet is such that we must indeed assume that a network
  attacker is present. Generally, network attackers fall into 2 classes:
  passive and active.</p>
    <h4 class="heading settled" data-level="4.1.1" id="threat-passive"><span class="secno">4.1.1. </span><span class="content">Passive Network Attacker</span><a class="self-link" href="#threat-passive"></a></h4>
    <p>A "Passive Network Attacker" is a party who is able to observe traffic
  flows but who lacks the ability or chooses not to modify traffic at
  the layers which this specification is concerned with.</p>
    <p>Surveillance of networks in this manner "subverts the intent of communicating
  parties without the agreement of these parties" and one "cannot defend against
  the most nefarious actors while allowing monitoring by other actors no matter
  how benevolent some might consider them to be." <a data-link-type="biblio" href="#biblio-rfc7258">[RFC7258]</a> Therefore, the
  algorithms defined in this document require mechansims that provide for the
  privacy of data at the application layer, not simply integrity.</p>
    <h4 class="heading settled" data-level="4.1.2" id="threat-active"><span class="secno">4.1.2. </span><span class="content">Active Network Attacker</span><a class="self-link" href="#threat-active"></a></h4>
    <p>An "Active Network Attacker" has all the capabilities of a "Passive Network
  Attacker" and is additionally able to modify, block or replay any data
  transiting the network.  These capabilities are available to potential
  adversaries at many levels of capability, from compromised devices offering
  or simply participating in public wireless networks, to Internet Service
  Providers indirectly introducing security and privacy vulnerabilities while
  manipulating traffic for financial gain (<a data-link-type="biblio" href="#biblio-verizon">[VERIZON]</a> and <a data-link-type="biblio" href="#biblio-comcast">[COMCAST]</a> are
  recent examples), to parties with direct intent to compromise security or
  privacy who are able to target individual users, organizations or even
  entire populations.</p>
    <h3 class="heading settled" data-level="4.2" id="threat-risks"><span class="secno">4.2. </span><span class="content">Risks associated with non-secure contexts</span><a class="self-link" href="#threat-risks"></a></h3>
    <p>Certain web platform features that have a distinct impact on a user’s
  security or privacy should be available for use only in <a data-link-type="dfn" href="#secure-context">secure
  contexts</a> in order to defend against the threats above. Features
  available in non-secure contexts risk exposing these capabilities to
  network attackers:</p>
    <ol>
     <li> The ability to read and modify sensitive data (personally-identifying
      information, credentials, payment instruments, and so on). <a data-link-type="biblio" href="#biblio-credential-management">[CREDENTIAL-MANAGEMENT]</a> is an example of an API that handles sensitive
      data. 
     <li> The ability to read and modify input from sensors on a user’s device
      (camera, microphone, and GPS being particularly noteworthy, but
      certainly including less obviously dangerous sensors like the
      accelerometer). <a data-link-type="biblio" href="#biblio-geolocation-api">[GEOLOCATION-API]</a> and <a data-link-type="biblio" href="#biblio-mediacapture-streams">[MEDIACAPTURE-STREAMS]</a> are
      historical examples of features that use sensor input. 
     <li> The ability to access information about other devices a user
      has access to. <a data-link-type="biblio" href="#biblio-discovery">[DISCOVERY]</a> and <a data-link-type="biblio" href="#biblio-bluetooth">[BLUETOOTH]</a> are good examples. 
     <li> The ability to track users using temporary or persistent identifiers,
      including identifiers which reset themselves after some period of time
      (e.g. <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/html5/webstorage.html#the-sessionstorage-attribute">sessionStorage</a></code>), identifiers the user can manually reset
      (e.g. <a data-link-type="biblio" href="#biblio-encrypted-media">[ENCRYPTED-MEDIA]</a>, Cookies <a data-link-type="biblio" href="#biblio-rfc6265">[RFC6265]</a>, and <a data-link-type="biblio" href="#biblio-indexeddb">[IndexedDB]</a>),
      as well as identifying hardware features the user can’t easily reset. 
     <li> The ability to introduce some state for an origin which persists across
      browsing sessions. <a data-link-type="biblio" href="#biblio-service-workers">[SERVICE-WORKERS]</a> is a great example. 
     <li> The ability to manipulate a user agent’s native UI in some way which
      removes, obscures, or manipulates details relevant to a user’s
      understanding of their context. <a data-link-type="biblio" href="#biblio-fullscreen">[FULLSCREEN]</a>, for instance. 
     <li> The ability to introduce some functionality for which user permission will
      be required. 
    </ol>
    <p>This list is non-exhaustive, but should give you a feel for the types of
  risks we should consider when writing or implementing specifications.</p>
    <p class="note" role="note">Note: While restricting a feature itself to <a data-link-type="dfn" href="#secure-context">secure contexts</a> is
  critical, we ought not forget that facilities that carry such information
  (such as new network access mechanisms, or other generic functions with access
  to network data) are equally sensitive.</p>
   </section>
   <section>
    <h2 class="heading settled" data-level="5" id="security-considerations"><span class="secno">5. </span><span class="content">Security Considerations</span><a class="self-link" href="#security-considerations"></a></h2>
    <h3 class="heading settled" data-level="5.1" id="isolation"><span class="secno">5.1. </span><span class="content">Incomplete Isolation</span><a class="self-link" href="#isolation"></a></h3>
    <p>The <a data-link-type="dfn" href="#secure-context">secure context</a> definition in this document does not completely
  isolate a "secure" view on an origin from an "non-secure" view on the same
  origin. That is, a developer who is actively working to bypass the secure
  context restriction on a particular API will be able to create a <code>postMessage</code>-based shim if they’re willing to pop up a new window
  and rely on its persistence (as the new window will be a new top-level
  browsing context, and will be evaluated without regard for the opener’s
  state).</p>
    <p>More esoteric exfiltration methods will be available as well, ranging from
  shared <code>localStorage</code> and related <code>storage</code> events to <code>window.name</code> tricks.</p>
   </section>
   <section>
    <h2 class="heading settled" data-level="6" id="implementation-considerations"><span class="secno">6. </span><span class="content">Implementation Considerations</span><a class="self-link" href="#implementation-considerations"></a></h2>
    <h3 class="heading settled" data-level="6.1" id="packaged-applications"><span class="secno">6.1. </span><span class="content">Packaged Applications</span><a class="self-link" href="#packaged-applications"></a></h3>
    <p>User agents that support packaged applications MAY whitelist specific URL
  schemes whose contents are authenticated by the user agent. For example,
  FirefoxOS application resources are referred to by a URL whose <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-scheme">scheme</a> component is <code>app:</code>. Likewise, Chrome’s extensions
  and apps live on <code>chrome-extension:</code> schemes. These could reasonably be
  considered trusted origins.</p>
    <h3 class="heading settled" data-level="6.2" id="development-environments"><span class="secno">6.2. </span><span class="content">Development Environments</span><a class="self-link" href="#development-environments"></a></h3>
    <p>In order to support developers who run staging servers on non-loopback hosts,
  user agents MAY allow users to configure specific sets of origins as
  trustworthy, even though <a href="#is-origin-trustworthy">§3.2 Is origin potentially trustworthy?</a> would normally return <code>Not Trusted</code>.</p>
    <h3 class="heading settled" data-level="6.3" id="new"><span class="secno">6.3. </span><span class="content">Restricting New Features</span><a class="self-link" href="#new"></a></h3>
    <p><em>This section is non-normative.</em></p>
    <p>When writing a specification for new features, we recommend that authors
  and editors guard sensitive APIs with checks against <a data-link-type="dfn" href="#secure-context">secure contexts</a>.
  For example, something like the following might be a good approach:</p>
    <div class="example" id="example-1611693b">
     <a class="self-link" href="#example-1611693b"></a> 
     <ol>
      <li>
        If the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent settings object</a> is <em>not</em> a <a data-link-type="dfn" href="#secure-context">secure
        context</a>, then: 
       <ol>
        <li> [<i>insert something appropriate here: perhaps a Promise could be
            rejected with a <code>SecurityError</code>, an error callback could be called,
            a permission request denied, etc.</i>]. 
       </ol>
     </ol>
    </div>
    <h3 class="heading settled" data-level="6.4" id="legacy"><span class="secno">6.4. </span><span class="content">Restricting Legacy Features</span><a class="self-link" href="#legacy"></a></h3>
    <p><em>This section is non-normative.</em></p>
    <p>The list above clearly includes some existing functionality that is currently
  available to the web over non-secure channels. We recommend that such legacy
  functionality begin requiring a <a data-link-type="dfn" href="#secure-context">secure context</a> as quickly as is
  reasonably possible.</p>
    <ol>
     <li data-md="">
      <p>If such a feature is not widely implemented, we recommend that the
  specification be immediately <a data-link-type="dfn" href="http://www.w3.org/2014/Process-20140801/#rec-modify">modified</a> to include a restriction
  to <a data-link-type="dfn" href="#secure-context">secure contexts</a>.</p>
     <li data-md="">
      <p>If such a feature is widely implemented, but not yet in wide use, we
  recommend that it be quickly restricted to <a data-link-type="dfn" href="#secure-context">secure contexts</a> by
  adding a check as described in <a href="#new">§6.3 Restricting New Features</a> to existing implementations, and <a data-link-type="dfn" href="http://www.w3.org/2014/Process-20140801/#rec-modify">modifying the specification</a> accordingly.</p>
     <li data-md="">
      <p>If such a feature is in wide use, we recommend that the existing
  functionality be deprecated; the specification should be <a data-link-type="dfn" href="http://www.w3.org/2014/Process-20140801/#rec-modify">modified</a> to note that it does not
  conform to the restrictions outlined in this document, and a plan should
  be developed to both offer a conformant version of the feature and to
  migrate existing users into that new version.</p>
    </ol>
    <h4 class="heading settled" data-level="6.4.1" id="legacy-example"><span class="secno">6.4.1. </span><span class="content">Example: Geolocation</span><a class="self-link" href="#legacy-example"></a></h4>
    <p>The <a data-link-type="biblio" href="#biblio-geolocation-api">[GEOLOCATION-API]</a> is a good concrete example of such an feature; it is
  widely implemented and used on a large number of non-secure sites. A reasonable
  path forward might look like this:</p>
    <ol>
     <li data-md="">
      <p><a data-link-type="dfn" href="http://www.w3.org/2014/Process-20140801/#rec-modify">Modify</a> the specification to include
  checks against <a data-link-type="dfn" href="#secure-context">secure context</a> before executing the algorithms for <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/geolocation-API/#get-current-position">getCurrentPosition()</a></code> and <code class="idl"><a data-link-type="idl" href="http://www.w3.org/TR/geolocation-API/#watch-position">watchPosition()</a></code>.</p>
      <p>If the <a data-link-type="dfn" href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent settings object</a> is not a <a data-link-type="dfn" href="#secure-context">secure context</a>,
  then the algorithms should be aborted, and the <var>errorCallback</var> invoked with a <code>code</code> of <code>PERMISSION_DENIED</code>.</p>
     <li data-md="">
      <p>User agents should announce clear intentions to disable the API for
  non-secure contexts on a specific date, and warn developers accordingly
  (via console messages, for example).</p>
     <li data-md="">
      <p>Leading up to the flag day, user agents should announce a deprecation
  schedule to ensure both that site authors recognize the need to modify
  their code before it simply stops working altogether, and to protect
  users in the meantime. Such a plan might include any or all of:</p>
      <ol>
       <li data-md="">
        <p>Disallowing persistent permission grants to non-secure origins</p>
       <li data-md="">
        <p>Coarsening the accuracy of the API for non-secure origins (perhaps
  consistently returning city-level data rather than high-accuracy
  data)</p>
       <li data-md="">
        <p>UI modifications to inform users and site authors of the risk</p>
      </ol>
    </ol>
   </section>
   <section>
    <h2 class="heading settled" data-level="7" id="acknowledgements"><span class="secno">7. </span><span class="content">Acknowledgements</span><a class="self-link" href="#acknowledgements"></a></h2>
    <p>This document is largely based on the Chrome Security team’s work on <a data-link-type="biblio" href="#biblio-powerful-new-features">[POWERFUL-NEW-FEATURES]</a>. Chris Palmer, Ryan Sleevi, and David Dorwin have
  been particularly engaged. Anne van Kesteren, Boris Zbarsky, and Henri Sivonen
  have also provided very helpful feedback.</p>
   </section>
  </main>
  <h2 class="no-ref no-num heading settled" id="conformance"><span class="content">Conformance</span><a class="self-link" href="#conformance"></a></h2>
  <h3 class="no-ref no-num heading settled" id="conventions"><span class="content">Document conventions</span><a class="self-link" href="#conventions"></a></h3>
  <p>Conformance requirements are expressed with a combination of
    descriptive assertions and RFC 2119 terminology. The key words "MUST",
    "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT",
    "RECOMMENDED", "MAY", and "OPTIONAL" in the normative parts of this
    document are to be interpreted as described in RFC 2119.
    However, for readability, these words do not appear in all uppercase
    letters in this specification. </p>
  <p>All of the text of this specification is normative except sections
    explicitly marked as non-normative, examples, and notes. <a data-link-type="biblio" href="#biblio-rfc2119">[RFC2119]</a></p>
  <p>Examples in this specification are introduced with the words "for example"
    or are set apart from the normative text with <code>class="example"</code>,
    like this: </p>
  <div class="example" id="example-f839f6c8">
   <a class="self-link" href="#example-f839f6c8"></a> 
   <p>This is an example of an informative example.</p>
  </div>
  <p>Informative notes begin with the word "Note" and are set apart from the
    normative text with <code>class="note"</code>, like this: </p>
  <p class="note" role="note">Note, this is an informative note.</p>
  <h3 class="no-ref no-num heading settled" id="conformant-algorithms"><span class="content">Conformant Algorithms</span><a class="self-link" href="#conformant-algorithms"></a></h3>
  <p>Requirements phrased in the imperative as part of algorithms (such as
    "strip any leading space characters" or "return false and abort these
    steps") are to be interpreted with the meaning of the key word ("must",
    "should", "may", etc) used in introducing the algorithm.</p>
  <p>Conformance requirements phrased as algorithms or specific steps can be
    implemented in any manner, so long as the end result is equivalent. In
    particular, the algorithms defined in this specification are intended to
    be easy to understand and are not intended to be performant. Implementers
    are encouraged to optimize.</p>
  <h2 class="no-num heading settled" id="index"><span class="content">Index</span><a class="self-link" href="#index"></a></h2>
  <h3 class="no-num heading settled" id="index-defined-here"><span class="content">Terms defined by this specification</span><a class="self-link" href="#index-defined-here"></a></h3>
  <ul class="indexlist">
   <li>
    isSecureContext
    <ul>
     <li><a href="#dom-window-issecurecontext">attribute for Window</a><span>, in §2.1.2</span>
     <li><a href="#dom-workerglobalscope-issecurecontext">attribute for WorkerGlobalScope</a><span>, in §2.1.2</span>
    </ul>
   <li><a href="#non-secure-context">non-secure context</a><span>, in §2</span>
   <li><a href="#potentially-trustworthy-origin">potentially trustworthy origin</a><span>, in §3.2</span>
   <li><a href="#secure-context">secure context</a><span>, in §2</span>
  </ul>
  <h3 class="no-num heading settled" id="index-defined-elsewhere"><span class="content">Terms defined by reference</span><a class="self-link" href="#index-defined-elsewhere"></a></h3>
  <ul class="indexlist">
   <li>
    <a data-link-type="biblio" href="#biblio-dom">[dom]</a> defines the following terms:
    <ul>
     <li><a href="http://www.w3.org/TR/dom/#interface-document">Document</a>
     <li><a href="http://www.w3.org/TR/dom/#interface-window">Window</a>
    </ul>
   <li>
    <a data-link-type="biblio" href="#biblio-geolocation-api">[geolocation-API]</a> defines the following terms:
    <ul>
     <li><a href="http://www.w3.org/TR/geolocation-API/#get-current-position">getCurrentPosition()</a>
     <li><a href="http://www.w3.org/TR/geolocation-API/#watch-position">watchPosition()</a>
    </ul>
   <li>
    <a data-link-type="biblio" href="#biblio-html">[HTML]</a> defines the following terms:
    <ul>
     <li><a href="https://html.spec.whatwg.org/multipage/workers.html#dom-sharedworker">SharedWorker()</a>
     <li><a href="https://html.spec.whatwg.org/multipage/workers.html#workerglobalscope">WorkerGlobalScope</a>
     <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#creation-url">creation url</a>
     <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#https-state">https state</a>
     <li><a href="https://html.spec.whatwg.org/multipage/workers.html#the-workers-documents">the worker's documents</a>
    </ul>
   <li>
    <a data-link-type="biblio" href="#biblio-html5">[html5]</a> defines the following terms:
    <ul>
     <li><a href="http://www.w3.org/TR/html5/embedded-content-0.html#an-iframe-srcdoc-document">an iframe srcdoc document</a>
     <li><a href="http://www.w3.org/TR/html5/browsers.html#ancestor-browsing-context">ancestor browsing context</a>
     <li><a href="http://www.w3.org/TR/html5/browsers.html#browsing-context">browsing context</a>
     <li><a href="http://www.w3.org/TR/html5/browsers.html#creator-document">creator document</a>
     <li><a href="http://www.w3.org/TR/html5/webappapis.html#global-object">global object</a>
     <li><a href="http://www.w3.org/TR/html5/webappapis.html#incumbent-settings-object">incumbent settings object</a>
     <li><a href="http://www.w3.org/TR/html5/webappapis.html#relevant-settings-object-for-a-global-object">relevant settings object</a>
     <li><a href="http://www.w3.org/TR/html5/webappapis.html#responsible-document">responsible document</a>
     <li><a href="http://www.w3.org/TR/html5/webstorage.html#the-sessionstorage-attribute">sessionStorage</a>
     <li><a href="http://www.w3.org/TR/html5/webappapis.html#settings-object">settings object</a>
     <li><a href="http://www.w3.org/TR/html5/browsers.html#top-level-browsing-context">top-level browsing context</a>
    </ul>
   <li>
    <a data-link-type="biblio" href="#biblio-mix">[MIX]</a> defines the following terms:
    <ul>
     <li><a href="https://w3c.github.io/webappsec/specs/mixedcontent/#potentially-secure-origin">potentially secure origin</a>
    </ul>
   <li>
    <a data-link-type="biblio" href="#biblio-rfc6454">[RFC6454]</a> defines the following terms:
    <ul>
     <li><a href="https://tools.ietf.org/html/rfc6454#section-2.3">globally unique identifier</a>
     <li><a href="https://tools.ietf.org/html/rfc6454#section-3.2">origin</a>
    </ul>
   <li>
    <a data-link-type="biblio" href="#biblio-url">[URL]</a> defines the following terms:
    <ul>
     <li><a href="https://url.spec.whatwg.org/#concept-url-origin">origin of a url</a>
     <li><a href="https://url.spec.whatwg.org/#concept-url-scheme">scheme</a>
    </ul>
   <li>
    <a data-link-type="biblio" href="#biblio-w3c-process">[W3C-PROCESS]</a> defines the following terms:
    <ul>
     <li><a href="http://www.w3.org/2014/Process-20140801/#rec-modify">modify a specification</a>
    </ul>
  </ul>
  <h2 class="no-num heading settled" id="references"><span class="content">References</span><a class="self-link" href="#references"></a></h2>
  <h3 class="no-num heading settled" id="normative"><span class="content">Normative References</span><a class="self-link" href="#normative"></a></h3>
  <dl>
   <dt id="biblio-html"><a class="self-link" href="#biblio-html"></a>[HTML]
   <dd>Ian Hickson. <a href="https://html.spec.whatwg.org/multipage/">HTML Standard</a>. Living Standard. URL: <a href="https://html.spec.whatwg.org/multipage/">https://html.spec.whatwg.org/multipage/</a>
   <dt id="biblio-mix"><a class="self-link" href="#biblio-mix"></a>[MIX]
   <dd>Mike West. <a href="https://w3c.github.io/webappsec/specs/mixedcontent/">Mixed Content</a>. LCWD. URL: <a href="https://w3c.github.io/webappsec/specs/mixedcontent/">https://w3c.github.io/webappsec/specs/mixedcontent/</a>
   <dt id="biblio-rfc4632"><a class="self-link" href="#biblio-rfc4632"></a>[RFC4632]
   <dd>Vince Fuller; Tony Li. <a href="http://www.ietf.org/rfc/rfc4632.txt">Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan</a>. RFC. URL: <a href="http://www.ietf.org/rfc/rfc4632.txt">http://www.ietf.org/rfc/rfc4632.txt</a>
   <dt id="biblio-rfc6454"><a class="self-link" href="#biblio-rfc6454"></a>[RFC6454]
   <dd>Adam Barth. <a href="http://www.ietf.org/rfc/rfc6454.txt">The Web Origin Concept</a>. RFC. URL: <a href="http://www.ietf.org/rfc/rfc6454.txt">http://www.ietf.org/rfc/rfc6454.txt</a>
   <dt id="biblio-rfc6761"><a class="self-link" href="#biblio-rfc6761"></a>[RFC6761]
   <dd>Stuart Cheshire; Marc Krochmal. <a href="http://www.ietf.org/rfc/rfc6761.txt">Special-Use Domain Names</a>. RFC. URL: <a href="http://www.ietf.org/rfc/rfc6761.txt">http://www.ietf.org/rfc/rfc6761.txt</a>
   <dt id="biblio-url"><a class="self-link" href="#biblio-url"></a>[URL]
   <dd>Anne van Kesteren. <a href="https://url.spec.whatwg.org/">URL</a>. Living Standard. URL: <a href="https://url.spec.whatwg.org/">https://url.spec.whatwg.org/</a>
   <dt id="biblio-w3c-process"><a class="self-link" href="#biblio-w3c-process"></a>[W3C-PROCESS]
   <dd>Charles McCathie Nevile. <a href="http://www.w3.org/2014/Process-20140801/">World Wide Web Consortium Process Document</a>. URL: <a href="http://www.w3.org/2014/Process-20140801/">http://www.w3.org/2014/Process-20140801/</a>
   <dt id="biblio-dom"><a class="self-link" href="#biblio-dom"></a>[DOM]
   <dd>Anne van Kesteren; et al. <a href="http://www.w3.org/TR/dom/">W3C DOM4</a>. 18 June 2015. LCWD. URL: <a href="http://www.w3.org/TR/dom/">http://www.w3.org/TR/dom/</a>
   <dt id="biblio-geolocation-api"><a class="self-link" href="#biblio-geolocation-api"></a>[geolocation-API]
   <dd>Andrei Popescu. <a href="http://www.w3.org/TR/geolocation-API/">Geolocation API Specification</a>. 28 May 2015. PER. URL: <a href="http://www.w3.org/TR/geolocation-API/">http://www.w3.org/TR/geolocation-API/</a>
   <dt id="biblio-html5"><a class="self-link" href="#biblio-html5"></a>[HTML5]
   <dd>Ian Hickson; et al. <a href="http://www.w3.org/TR/html5/">HTML5</a>. 28 October 2014. REC. URL: <a href="http://www.w3.org/TR/html5/">http://www.w3.org/TR/html5/</a>
   <dt id="biblio-rfc2119"><a class="self-link" href="#biblio-rfc2119"></a>[RFC2119]
   <dd>S. Bradner. <a href="https://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>. March 1997. Best Current Practice. URL: <a href="https://tools.ietf.org/html/rfc2119">https://tools.ietf.org/html/rfc2119</a>
  </dl>
  <h3 class="no-num heading settled" id="informative"><span class="content">Informative References</span><a class="self-link" href="#informative"></a></h3>
  <dl>
   <dt id="biblio-bluetooth"><a class="self-link" href="#biblio-bluetooth"></a>[BLUETOOTH]
   <dd>Jeffrey Yasskin; Vincent Scheib. <a href="https://webbluetoothcg.github.io/web-bluetooth/">Web Bluetooth</a>. URL: <a href="https://webbluetoothcg.github.io/web-bluetooth/">https://webbluetoothcg.github.io/web-bluetooth/</a>
   <dt id="biblio-comcast"><a class="self-link" href="#biblio-comcast"></a>[COMCAST]
   <dd>David Kravets. <a href="http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/">Comcast Wi-Fi serving self-promotional ads via JavaScript injection</a>. URL: <a href="http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/">http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/</a>
   <dt id="biblio-credential-management"><a class="self-link" href="#biblio-credential-management"></a>[CREDENTIAL-MANAGEMENT]
   <dd>Mike West. <a href="https://w3c.github.io/webappsec/specs/credentialmanagement/">Credential Management</a>. ED. URL: <a href="https://w3c.github.io/webappsec/specs/credentialmanagement/">https://w3c.github.io/webappsec/specs/credentialmanagement/</a>
   <dt id="biblio-discovery"><a class="self-link" href="#biblio-discovery"></a>[DISCOVERY]
   <dd>Rich Tibbett. <a href="https://dvcs.w3.org/hg/dap/raw-file/tip/discovery-api/Overview.html">Network Service Discovery</a>. URL: <a href="https://dvcs.w3.org/hg/dap/raw-file/tip/discovery-api/Overview.html">https://dvcs.w3.org/hg/dap/raw-file/tip/discovery-api/Overview.html</a>
   <dt id="biblio-indexeddb"><a class="self-link" href="#biblio-indexeddb"></a>[IndexedDB]
   <dd>Nikunj Mehta; et al. <a href="http://www.w3.org/TR/IndexedDB/">Indexed Database API</a>. 8 January 2015. REC. URL: <a href="http://www.w3.org/TR/IndexedDB/">http://www.w3.org/TR/IndexedDB/</a>
   <dt id="biblio-powerful-new-features"><a class="self-link" href="#biblio-powerful-new-features"></a>[POWERFUL-NEW-FEATURES]
   <dd>Chrome Security Team. <a href="https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features">Prefer Secure Origins For Powerful New Features</a>. URL: <a href="https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features">https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features</a>
   <dt id="biblio-rfc7258"><a class="self-link" href="#biblio-rfc7258"></a>[RFC7258]
   <dd>Stephen Farrell; Hannes Tschofenig. <a href="http://www.ietf.org/rfc/rfc7258.txt">Pervasive Monitoring Is an Attack</a>. RFC. URL: <a href="http://www.ietf.org/rfc/rfc7258.txt">http://www.ietf.org/rfc/rfc7258.txt</a>
   <dt id="biblio-verizon"><a class="self-link" href="#biblio-verizon"></a>[VERIZON]
   <dd>Mark Bergen; Alex Kantrowitz. <a href="http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/">Verizon looks to target its mobile subscribers with ads</a>. URL: <a href="http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/">http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/</a>
   <dt id="biblio-encrypted-media"><a class="self-link" href="#biblio-encrypted-media"></a>[ENCRYPTED-MEDIA]
   <dd>David Dorwin; et al. <a href="http://www.w3.org/TR/encrypted-media/">Encrypted Media Extensions</a>. 31 March 2015. WD. URL: <a href="http://www.w3.org/TR/encrypted-media/">http://www.w3.org/TR/encrypted-media/</a>
   <dt id="biblio-fullscreen"><a class="self-link" href="#biblio-fullscreen"></a>[FULLSCREEN]
   <dd>Anne van Kesteren; Tantek Çelik. <a href="http://www.w3.org/TR/fullscreen/">Fullscreen</a>. 18 November 2014. NOTE. URL: <a href="http://www.w3.org/TR/fullscreen/">http://www.w3.org/TR/fullscreen/</a>
   <dt id="biblio-mediacapture-streams"><a class="self-link" href="#biblio-mediacapture-streams"></a>[MEDIACAPTURE-STREAMS]
   <dd>Daniel Burnett; et al. <a href="http://www.w3.org/TR/mediacapture-streams/">Media Capture and Streams</a>. 14 April 2015. LCWD. URL: <a href="http://www.w3.org/TR/mediacapture-streams/">http://www.w3.org/TR/mediacapture-streams/</a>
   <dt id="biblio-rfc6265"><a class="self-link" href="#biblio-rfc6265"></a>[RFC6265]
   <dd>A. Barth. <a href="https://tools.ietf.org/html/rfc6265">HTTP State Management Mechanism</a>. April 2011. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc6265">https://tools.ietf.org/html/rfc6265</a>
   <dt id="biblio-service-workers"><a class="self-link" href="#biblio-service-workers"></a>[SERVICE-WORKERS]
   <dd>Alex Russell; Jungkee Song; Jake Archibald. <a href="http://www.w3.org/TR/service-workers/">Service Workers</a>. 25 June 2015. WD. URL: <a href="http://www.w3.org/TR/service-workers/">http://www.w3.org/TR/service-workers/</a>
  </dl>
  <h2 class="no-num heading settled" id="idl-index"><span class="content">IDL Index</span><a class="self-link" href="#idl-index"></a></h2>
<pre class="idl">partial interface <a class="idl-code" data-link-type="interface" href="http://www.w3.org/TR/dom/#interface-window">Window</a> {
  readonly attribute boolean <a data-readonly="" data-type="boolean " href="#dom-window-issecurecontext">isSecureContext</a>;
};

partial interface <a class="idl-code" data-link-type="interface" href="https://html.spec.whatwg.org/multipage/workers.html#workerglobalscope">WorkerGlobalScope</a> {
  readonly attribute boolean <a data-readonly="" data-type="boolean " href="#dom-workerglobalscope-issecurecontext">isSecureContext</a>;
};

</pre>
 </body>
</html>