-
Notifications
You must be signed in to change notification settings - Fork 200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Workers test throwing unsupported on Safari 17.3 #259
Comments
Good catch. It's likely connected with the use of inline workers and modifications implemented here. I will investigate. |
I'm pondering on whether it is worth changing to support Safari. For now, the single file test page works on safari here. |
Interesting. |
A vulnerability seems to be the case. Possibly connected with https://bugs.webkit.org/show_bug.cgi?id=243555. |
It's likely determined low based on the severity of canvas entropy derived from Apple GPUs. Canvas protections, at best, probably only neutralize annoying cross site trackers. WebKit hardware acceleration entropy seems fairly uniform within the same OS/browser version. I imagine, they will consider and fix if feasible. I recall Brave had a similar issue and patched. |
As it turns out, I just discovered that this affects Firefox as well. Service Workers don't apply canvas protections. |
Apple assigned this vulnerability as CVE-2024-27830 and resolved the issue in Safari 17.5. Firefox's issues should be resolved in 127. |
Nice. Thanks for the update @Joe12387 |
Hi there.
I noticed that your service worker test does not seem to work properly on Safari as of 17.3 on both macOS and iOS, and it says that all service worker types are unsupported. Correct me if I'm wrong, but I do believe service workers are still a supported feature in Safari and, if my memory serves me, versions of Safari prior to 17.3 worked as expected on this page.
Thanks!
The text was updated successfully, but these errors were encountered: