Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Is an environment settings object contextually secure?" does not deal with nested workers #56

Closed
annevk opened this issue Mar 1, 2018 · 4 comments · Fixed by whatwg/html#5659
Closed

"Is an environment settings object contextually secure?" does not deal with nested workers #56

annevk opened this issue Mar 1, 2018 · 4 comments · Fixed by whatwg/html#5659

Comments

@annevk
Copy link
Member

annevk commented Mar 1, 2018

Per HTML you can have a dedicated worker inside a dedicated worker. Or a shared worker inside a dedicated worker. At that point it's owner set won't include a Document object, meaning they're always treated as secure.
@annevk annevk mentioned this issue Mar 1, 2018
Merged
@bzbarsky
Copy link

bzbarsky commented Mar 1, 2018

In Gecko, a worker with a parent worker inherits secure context state from the parent worker. See https://searchfox.org/mozilla-central/rev/769222fadff46164f8cc0dc7a0bae5a60dc2f335/dom/workers/WorkerPrivate.cpp#2632 and compare to the toplevel worker case at https://searchfox.org/mozilla-central/rev/769222fadff46164f8cc0dc7a0bae5a60dc2f335/dom/workers/WorkerPrivate.cpp#2649-2655

@bzbarsky
Copy link

bzbarsky commented Mar 1, 2018

Oh, and Gecko does not support SharedWorker inside a dedicated worker, so we don't end up having to worry about that case..

@annevk annevk mentioned this issue May 18, 2020
Closed
domenic added a commit to whatwg/html that referenced this issue Jun 19, 2020
@domenic
Define "secure context"
9e6bf11 
This supersedes the definition in
https://w3c.github.io/webappsec-secure-contexts/, and fixes several bugs
while doing so.

Closes #5558. Closes w3c/webappsec-secure-contexts#56. Closes
w3c/webappsec-secure-contexts#57. Closes
w3c/webappsec-secure-contexts#74. Closes
w3c/webappsec-secure-contexts#75.
@domenic domenic mentioned this issue Jun 19, 2020
Merged
domenic added a commit to whatwg/html that referenced this issue Jun 24, 2020
@domenic
Define "secure context"
81b5a62 
This supersedes the definition in
https://w3c.github.io/webappsec-secure-contexts/, and fixes several bugs
while doing so.

Closes #5558. Closes w3c/webappsec-secure-contexts#56. Closes
w3c/webappsec-secure-contexts#57. Closes
w3c/webappsec-secure-contexts#74. Closes
w3c/webappsec-secure-contexts#75.
domenic added a commit to whatwg/html that referenced this issue Jun 25, 2020
@domenic
Define "secure context"
a5f858b 
This supersedes the definition in
https://w3c.github.io/webappsec-secure-contexts/, and fixes several bugs
while doing so.

Closes #5558. Closes w3c/webappsec-secure-contexts#56. Closes
w3c/webappsec-secure-contexts#57. Closes
w3c/webappsec-secure-contexts#74. Closes
w3c/webappsec-secure-contexts#75.
@annevk
Copy link
Member Author

annevk commented Jul 2, 2020

whatwg/html#5659 resolved this, but since this specification doesn't appear to be maintained, leaving this open for now for visibility.

@annevk annevk reopened this Jul 2, 2020
mfreed7 pushed a commit to mfreed7/html that referenced this issue Sep 11, 2020
@domenic @mfreed7
Define "secure context"
3643715 
This supersedes the definition in
https://w3c.github.io/webappsec-secure-contexts/, and fixes several bugs
while doing so.

Closes whatwg#5558. Closes w3c/webappsec-secure-contexts#56. Closes
w3c/webappsec-secure-contexts#57. Closes
w3c/webappsec-secure-contexts#74. Closes
w3c/webappsec-secure-contexts#75.
@annevk
Copy link
Member Author

annevk commented Jan 12, 2021

Sorted by #84.

@annevk annevk closed this as completed Jan 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Define "secure context" whatwg/html
2 participants
@bzbarsky @annevk