service workers should not be able to make http requests when there is no browsing context

NEW
Unassigned

Status

()

defect
P3
normal
4 years ago
a year ago

People

(Reporter: bkelly, Unassigned)

Tracking

(Blocks 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

This is a consequence of mixed content and its integration with SW.  See:

  https://github.com/whatwg/fetch/issues/69
Ehsan wonders if this is true for Shared Workers as well.
Flags: needinfo?(bkelly)
I don't think SharedWorkers can exist without a document attached, can they?  I thought the SharedWorker was stopped when the last document closed.
Flags: needinfo?(bkelly)

Comment 3

4 years ago
They can exist with more than one Client...

Comment 4

4 years ago
Note: request window is defined here: <https://fetch.spec.whatwg.org/#concept-request-window>

Updated

4 years ago
Assignee: nobody → ehsan
Status: NEW → ASSIGNED

Updated

4 years ago
Blocks: ServiceWorkers-postv1
No longer blocks: ServiceWorkers-v1
We don't think this blocks v1 because currently the only way to get a service worker without a window is via a push event, which is separate from v1.

Also, I think the spec has changed a bit here.  It now has the concept of the associated window as an internal property on the Request.  This would likely be reflected in our code by stashing the intercepted channel's loading document on InternalRequest and then using it for the FetchDriver channel.
(Reporter)

Updated

2 years ago
Assignee: ehsan → nobody
Status: ASSIGNED → NEW
Summary: Test the service workers cannot make http requests when there is no browsing context → service workers should not be able to make http requests when there is no browsing context
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.