Currently nsDocShell does its own 3rd-party URL, private browsing, etc checks in order to block service worker interception when storage is not allowed. Ideally it should use the nsContentUtils::StorageAllowed*() methods instead. Unfortunately this is not possible currently since nsDocShell sometimes needs this before nsPermissionManager has data in the child process. After we move service worker interception to the parent process we should make sure it uses our proper StorageAllowed code instead of its own side implementation.
We changed plans and are going to preload the cookie permission. Lets use this bug to remove the cookie permission preload once service worker begins checking storage access in the parent process.
Summary: service worker code should use nsContentUtils::StorageAllowed*() methods to block non-subresource interceptions → remove cookie permission preload after service worker code checks storage access in parent process.
You need to log in before you can comment on or make changes to this bug.