-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How are non-secure context Clients observable? #791
Comments
Yes, that's the intention. Here's the summary how the APIs deal with the non-secure contexts: #754 (comment).
I'm not clear with this. Is there any such place in the spec I'm missing? |
@jungkees Look for the phrase "not a secure context" in the spec. |
Re client's id, fetch events for a non-secure client is also filtered out in Handle Fetch, but a non-secure client's id can still be exposed if we don't filter it out in |
Closing. Please let me know if more discussion is needed. |
My point was mostly about |
As far as I can tell from reading the spec, a
Client
representing a non-secure context cannot be observed.Clients.matchAll()
when used withincludeUncontrolled: true
already excludes non-secureClient
s. AndClients.get()
also excludes non-secureClient
s (and it's impossible to observe such aclientId
in the first place since we don't dispatchFetchEvent
s for such clients anyways).Does this mean that implementations are free to ignore the places in the spec where we're talking about
Client
objects being non-secure?The text was updated successfully, but these errors were encountered: