Should throw SecurityError when loading a worker with a cross-origin script #9794
Labels
Comments
|
See web-platform-tests/wpt#41745 which is awaiting a reply from @hiroshige-g. Given it's almost been a month maybe it's time to agenda+. cc @youennf |
|
It seems there is no more spec work to do here and we are keeping this issue open so that Youenn can hear more about Chromium's engineering plans? (I think the thing which is "awaiting reply" is web-platform-tests/wpt#41745 (comment), correct?) I've pinged @hiroshige-g but I'll close this since there doesn't appear to be a spec issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
According to https://html.spec.whatwg.org/#dom-worker, it is not necessary to throw a synchronous security error when the script is a cross-origin URL.
So Firefox implements with dispatching an ErrorEvent to the WorkerScope once the script violates the cross-origin policy.
However, Chromium and Safari implementation will throw a SecurityError immediately.
This causes web developers complain the different behavior between browsers. So I fire this issue to discuss if the spec needs to update.
The text was updated successfully, but these errors were encountered: