Workers with blob: URIs should inherit HTTPS state #929
Assignees
Labels
Comments
|
@mikewest what do you think the best thing to do is here? In a way we could just copy HTTPS state from whatever created the worker, since it'll be same-origin, but that doesn't really seem great or future proof. |
|
HTTP state (and active CSP) seems like something that is tied to the place where the blob is created. I think we ought to be storing a few bits of information on the blob when it's created, and persist those through whenever it's instantiated/requested. |
|
That makes sense. |
This was referenced Apr 4, 2016
|
I think that makes this a bug of File API and Fetch. @jwatt agreed? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems that a Worker's 'client' is its own environment settings object.
https://html.spec.whatwg.org/#fetch-a-classic-worker-script
Fetch says that a fetch request for a blob: URI inherits HTTPS state from the 'client', which means for blobs it inherits it from itself, which doesn't make much sense.
https://fetch.spec.whatwg.org/#basic-fetch
The text was updated successfully, but these errors were encountered: