-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[worklets] Restrict worklets to same-origin #473
Comments
I don't see a solid "conclusion" or "agreement" in the thread above. However, perhaps starting from same-origin restriction and expanding to cross-origin later sounds reasonable to me. Is there any action time here for Web Audio API spec? |
I'm slightly confused from the other thread: This issue seems to be about how this would integrate with the service workers From @wanderview
The sub-resource request via From @annevk
But they are? My understanding at least is that a |
I've looked at the spec some more. The worklet global is currently spec'd to be an opaque origin. So this issue probably doesn't make too much sense. Also, the spec is written such that the worklet does not fetch its own module scripts. This is done by the owning document. So its ok to treat the worklet global as a proper client. It just has an opaque origin and no one can see it via the Clients API. It also isn't controlled by a service worker, but thats ok too since it doesn't do any fetching itself. I think this can probably be closed. (At least from my perspective.) Sorry for the confusion. |
@bfgeek I'm fine with worklets being subresources though, though I don't think that should mean that dedicated workers should become that too. See whatwg/html#3109 and whatwg/html#3112 for that discussion, which @domenic wants to tie to this one... |
Right, so far |
Is this issue still valid? I'm unsure how to proceed here... |
I don't think worklets can be clients as they are not resource-derived. So their client must be the document that created them. |
Closing then; see also some IRC discussion in https://freenode.logbot.info/whatwg/20201019#c5510723 |
See whatwg/fetch#527 (comment) by @wanderview. This would allow us to make worklets proper clients.
cc @jakearchibald @jungkees @mikewest
The text was updated successfully, but these errors were encountered: