This repository has been archived by the owner on Dec 12, 2020. It is now read-only.
Explain the lack of impact on workers #9
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
annevk
reviewed
Jan 15, 2020
README.md
Outdated
|
|
||
| We mentioned above that origin isolation has no effect on workers. Here we explain why exactly that is. | ||
|
|
||
| First note that shared and service workers are already isolated into their own agent clusters. The only other things that exist in those agent clusters are potential nested dedicated workers. Everything is already same-origin within those shared and service worker agent clusters. |
There was a problem hiding this comment.
Not quite everything, but everything that creates an agent, yes?
There was a problem hiding this comment.
I guess I meant "all other agents are already same-origin", so this should probably be merged with the previous sentence. Will update.
README.md
Outdated
|
|
||
| What remains to consider is dedicated workers which are spawned directly by documents. Those end up in the agent cluster of their owner document, and the allocation of that agent cluster is impacted by origin isolation, which makes it origin-keyed instead of site-keyed. | ||
|
|
||
| However, being origin-keyed has no observable impact for code inside a dedicated worker. All access to other realms is asynchronous inside a dedicated worker, so `document.domain` does not apply. And there's no way for dedicated worker code to send a `SharedArrayBuffer` to a same-site cross-origin destination, because the only thing it can communicate with is its parent document, or further nested dedicated workers, all of which are same-origin. (Note that even `BroadcastChannel`, which bypasses the need to have a direct reference to the destination, is restricted to same-origin communications.) |
There was a problem hiding this comment.
With cooperation of the parent document you can use MessageChannel to communicate same-site cross-origin. However, due to the keying of the parent document's agent cluster that would be a different agent cluster and therefore fail for SharedArrayBuffer.
There was a problem hiding this comment.
Right, that's true. I explained that scenario a bit; let me know what you think of the result.
annevk
approved these changes
Jan 16, 2020
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #4.
@annevk, would you mind reviewing?