diff --git a/docs/index.bs b/docs/index.bs
index 0b5dd618..8119cd0c 100644
--- a/docs/index.bs
+++ b/docs/index.bs
@@ -165,7 +165,9 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
A [=/service worker=] has an associated skip waiting flag. Unless stated otherwise it is unset.
- A [=/service worker=] has an associated imported scripts updated flag. It is initially unset.
+ A [=/service worker=] has an associated classic scripts imported flag. It is initially unset.
+
+ A [=/service worker=] has an associated include updated resources flag. It is initially unset.
A [=/service worker=] has an associated set of event types to handle (a [=ordered set|set=]) whose [=list/item=] is an event listener's event type. It is initially an empty set.
@@ -2027,22 +2029,28 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
When the importScripts(|urls|) method is called on a {{ServiceWorkerGlobalScope}} object, the user agent *must* import scripts into worker global scope, given this {{ServiceWorkerGlobalScope}} object and |urls|, and with the following steps to [=fetching scripts/perform the fetch=] given the [=/request=] |request|:
1. Let |serviceWorker| be |request|'s [=request/client=]'s [=environment settings object/global object=]'s [=ServiceWorkerGlobalScope/service worker=].
- 1. If |serviceWorker|'s imported scripts updated flag is unset, then:
- 1. Let |registration| be |serviceWorker|'s [=containing service worker registration=].
- 1. Set |request|'s [=service-workers mode=] to "`none`".
- 1. Set |request|'s [=request/cache mode=] to "no-cache" if any of the following are true:
- * |registration|'s [=service worker registration/update via cache mode=] is "`none`".
- * The [=current global object=]'s [=force bypass cache for importscripts flag=] is set.
- * |registration|'s [=last update check time=] is not null and the time difference in seconds calculated by the current time minus |registration|’s [=last update check time=] is greater than 86400.
- 1. Let |response| be the result of fetching |request|.
- 1. If |response|’s cache state is not "local", set |registration|’s [=service worker registration/last update check time=] to the current time.
- 1. [=Extract a MIME type=] from the |response|'s [=unsafe response=]'s [=response/header list=]. If this MIME type (ignoring parameters) is not a [=JavaScript MIME type=], return a [=network error=].
- 1. If |response|'s unsafe response's [=response/type=] is not "error", and |response|'s [=response/status=] is an ok status, then:
- 1. [=map/Set=] script resource map[|request|'s [=request/url=]] to |response|.
- 1. Return |response|.
- 1. Else:
- 1. If script resource map[|url|] [=map/exists=], return script resource map[|url|].
- 1. Else, return a network error.
+ 1. If |serviceWorker|'s [=service worker/script resource map=][|request|'s [=request/url=]] [=map/exists=], return [=service worker/script resource map=][|request|'s [=request/url=]].
+ 1. If |serviceWorker|'s [=state=] is *installed*, *activating*, *activated*, or *redundant*, return a [=network error=].
+ 1. Let |registration| be |serviceWorker|'s [=containing service worker registration=].
+ 1. Set |request|'s [=service-workers mode=] to "`none`".
+ 1. Set |request|'s [=request/cache mode=] to "no-cache" if any of the following are true:
+ * |registration|'s [=service worker registration/update via cache mode=] is "`none`".
+ * The [=current global object=]'s [=force bypass cache for importscripts flag=] is set.
+ * |registration|'s [=last update check time=] is not null and the time difference in seconds calculated by the current time minus |registration|’s [=last update check time=] is greater than 86400.
+ 1. Let |response| be the result of fetching |request|.
+ 1. If |response|’s cache state is not "local", set |registration|’s [=service worker registration/last update check time=] to the current time.
+ 1. [=Extract a MIME type=] from the |response|'s [=unsafe response=]'s [=response/header list=]. If this MIME type (ignoring parameters) is not a [=JavaScript MIME type=], return a [=network error=].
+ 1. If |response|'s unsafe response's [=response/type=] is not "error", and |response|'s [=response/status=] is an ok status, then:
+ 1. Let |newestWorker| be the result of running [=Get Newest Worker=] with |registration|.
+ 1. Let |resource| be null.
+ 1. If |newestWorker| is not null, set |resource| to |newestWorker|'s [=service worker/script resource map=][|request|'s [=request/url=]], or null if it does not [=map/exist=].
+ 1. Set |serviceWorker|'s [=service worker/include updated resources flag=] if any of the following are true:
+ * |newestWorker| is null.
+ * |resource| is null.
+ * |resource|'s [=response/body=] is not byte-for-byte identical with |response|'s [=response/body=].
+ 1. [=map/Set=] [=service worker/script resource map=][|request|'s [=request/url=]] to |response|.
+ 1. Set |serviceWorker|'s [=classic scripts imported flag=].
+ 1. Return |response|.
@@ -2069,7 +2077,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
Privacy
- [=/Service workers=] introduce new persistent storage features including scope to registration map (for [=/service worker registrations=] and their [=/service workers=]), [=request response list=] and name to cache map (for caches), and script resource map (for script resources). In order to protect users from any potential unsanctioned tracking threat, these persistent storages *should* be cleared when users intend to clear them and *should* maintain and interoperate with existing user controls e.g. purging all existing persistent storages.
+ [=/Service workers=] introduce new persistent storage features including scope to registration map (for [=/service worker registrations=] and their [=/service workers=]), [=request response list=] and name to cache map (for caches), and [=service worker/script resource map=] (for script resources). In order to protect users from any potential unsanctioned tracking threat, these persistent storages *should* be cleared when users intend to clear them and *should* maintain and interoperate with existing user controls e.g. purging all existing persistent storages.
@@ -2147,8 +2155,12 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
A job has a worker type ("classic" or "module").
+ A [=job=] has a script resource map which is an ordered map where the keys are [=/URLs=] and the values are [=/responses=].
+
A job has an update via cache mode, which is "`imports`", "`all`", or "`none`".
+ A [=job=] has a potentially include updated resources flag. It is initially unset.
+
A job has a client (a [=/service worker client=]). It is initially null.
A job has a referrer (a [=/URL=] or null).
@@ -2418,6 +2430,11 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
1. Else:
1. Invoke [=Reject Job Promise=] with |job| and "{{SecurityError}}" {{DOMException}}.
1. Asynchronously complete these steps with a network error.
+ 1. Set |job|'s [=job/potentially include updated resources flag=] if any of the following are true:
+ * |newestWorker| is null.
+ * |newestWorker|'s [=classic scripts imported flag=] is set.
+ * |newestWorker|'s [=service worker/script resource map=][|request|'s [=request/url=]]'s [=response/body=] is not byte-for-byte identical with |response|'s [=response/body=].
+ 1. Set |job|'s [=job/script resource map=][|request|'s [=request/url=]] to |response|.
1. If |response|'s cache state is not "local", set |registration|'s last update check time to the current time.
Issue: The response's cache state concept had been removed from fetch. The fetch issue #376 tracks the request to restore the concept or add some similar way to check this state.
@@ -2434,20 +2451,23 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
1. Invoke Finish Job with |job| and abort these steps.
Else, continue the rest of these steps after the algorithm's asynchronous completion, with |script| being the asynchronous completion value.
-
- 1. If |newestWorker| is not null, |newestWorker|'s [=service worker/script url=] [=url/equals=] |job|'s [=job/script url=], and |script|'s [=source text=] is a byte-for-byte match with |newestWorker|'s [=script resource=]'s [=source text=], if |script| is a [=classic script=], and |script|'s [=module script/module record=]'s \[[ECMAScriptCode]] is a byte-for-byte match with |newestWorker|'s [=script resource=]'s [=module script/module record=]'s \[[ECMAScriptCode]] otherwise, then:
+ 1. If |job|'s [=job/potentially include updated resources flag=] is unset, then:
1. Invoke [=Resolve Job Promise=] with |job| and |registration|.
+ 1. Invoke [=Finish Job=] with |job| and abort these steps.
+ 1. Let |worker| be a new [=/service worker=].
+ 1. Set |worker|'s [=service worker/script url=] to |job|'s [=job/script url=], |worker|'s script resource to |script|, and |worker|'s [=service worker/type=] to |job|'s worker type.
+ 1. [=map/For each=] |url| → |response| of |job|'s [=job/script resource map=]:
+ 1. Set |worker|'s [=service worker/script resource map=][|url|] to |response|.
+ 1. Set |worker|'s script resource's HTTPS state to |httpsState|.
+ 1. Set |worker|'s script resource's [=script resource/referrer policy=] to |referrerPolicy|.
+ 1. Invoke Run Service Worker algorithm given |worker|, and with the *force bypass cache for importscripts flag* set if |job|'s [=job/force bypass cache flag=] is set.
+ 1. If an uncaught runtime script error occurs during the above step, then:
+ 1. Invoke [=Reject Job Promise=] with |job| and `TypeError`.
+ 1. If |newestWorker| is null, invoke Clear Registration algorithm passing |registration| as its argument.
1. Invoke Finish Job with |job| and abort these steps.
- 1. Else:
- 1. Let |worker| be a new [=/service worker=].
- 1. Set |worker|'s [=service worker/script url=] to |job|'s [=job/script url=], |worker|'s script resource to |script|, and |worker|'s [=service worker/type=] to |job|'s worker type.
- 1. Set |worker|'s script resource's HTTPS state to |httpsState|.
- 1. Set |worker|'s script resource's [=script resource/referrer policy=] to |referrerPolicy|.
- 1. Invoke Run Service Worker algorithm given |worker|, and with the *force bypass cache for importscripts flag* set if |job|'s [=job/force bypass cache flag=] is set.
- 1. If an uncaught runtime script error occurs during the above step, then:
- 1. Invoke [=Reject Job Promise=] with |job| and `TypeError`.
- 1. If |newestWorker| is null, invoke Clear Registration algorithm passing |registration| as its argument.
- 1. Invoke Finish Job with |job| and abort these steps.
+ 1. If |worker|'s [=classic scripts imported flag=] is set, and |worker|'s [=service worker/include updated resources flag=] is unset, then:
+ 1. Invoke [=Resolve Job Promise=] with |job| and |registration|.
+ 1. Invoke [=Finish Job=] with |job| and abort these steps.
1. Invoke Install algorithm with |job|, |worker|, and |registration| as its arguments.
@@ -2509,7 +2529,6 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
1. Run the Update Registration State algorithm passing |registration|, "installing" and null as the arguments.
1. If |newestWorker| is null, invoke Clear Registration algorithm passing |registration| as its argument.
1. Invoke Finish Job with |job| and abort these steps.
- 1. Set |registration|'s installing worker's imported scripts updated flag.
1. If |registration|'s waiting worker is not null, then:
1. [=Terminate Service Worker|Terminate=] |registration|'s [=waiting worker=].
1. Run the [=Update Worker State=] algorithm passing |registration|'s [=waiting worker=] and *redundant* as the arguments.