You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have a use case with an untrusted front-end server that hosts a service worker source script as a signed exchange:service_worker.sxg.
The main page of the website is also distributed as a signed exchange and registers the service worker as follows:
// This JS is running with the `trusted.back.end` origin.navigator.serviceWorker.register('https://untrusted.front.end/service_worker.sxg');
Currently this fails in Chrome 107 with an error:
Failed to register a ServiceWorker: The origin of the provided scriptURL ('https://untrusted.front.end') does not match the current origin
Question: What is the expected behaviour according to the SXG specification here?
Based on the explainer and the spirit of SXG, I was expecting the service worker registration to succeed because the service worker source script resource should be considered as having the same trusted origin.
The text was updated successfully, but these errors were encountered:
We have a use case with an untrusted front-end server that hosts a service worker source script as a signed exchange:
service_worker.sxg.The main page of the website is also distributed as a signed exchange and registers the service worker as follows:
Currently this fails in Chrome 107 with an error:
Question: What is the expected behaviour according to the SXG specification here?
Based on the explainer and the spirit of SXG, I was expecting the service worker registration to succeed because the service worker source script resource should be considered as having the same trusted origin.
The text was updated successfully, but these errors were encountered: