service workers should not be able to make http requests when there is no browsing context

Status: NEW
Assignee: Unassigned
Product: Core
Component: DOM: Service Workers
Reported: 2 years ago
Modified: 9 months ago
Reporter: bkelly
Blocks: 1 bug
Firefox Tracking Flags: Not tracked

(Reporter)

Description

2 years ago
This is a consequence of mixed content and its integration with SW.  See:

  https://github.com/whatwg/fetch/issues/69
Ehsan wonders if this is true for Shared Workers as well.
Flags: needinfo?(bkelly)
(Reporter)

Comment 2

2 years ago
I don't think SharedWorkers can exist without a document attached, can they?  I thought the SharedWorker was stopped when the last document closed.
Flags: needinfo?(bkelly)
They can exist with more than one Client...
Note: request window is defined here: <https://fetch.spec.whatwg.org/#concept-request-window>
Assignee: nobody → ehsan
Status: NEW → ASSIGNED
Blocks: 1173500
No longer blocks: 1059784
(Reporter)

Comment 5

2 years ago
We don't think this blocks v1 because currently the only way to get a service worker without a window is via a push event, which is separate from v1.

Also, I think the spec has changed a bit here.  It now has the concept of the associated window as an internal property on the Request.  This would likely be reflected in our code by stashing the intercepted channel's loading document on InternalRequest and then using it for the FetchDriver channel.
(Reporter)

Updated

9 months ago
Assignee: ehsan → nobody
Blocks: 1226983
No longer blocks: 1173500
Status: ASSIGNED → NEW
Summary: Test the service workers cannot make http requests when there is no browsing context → service workers should not be able to make http requests when there is no browsing context