Skip to content
This repository has been archived by the owner on Jul 18, 2019. It is now read-only.

Async importScripts() in SW is problematic #3

Closed
jeffposnick opened this issue Aug 8, 2018 · 3 comments
Closed

Async importScripts() in SW is problematic #3

jeffposnick opened this issue Aug 8, 2018 · 3 comments

Comments

@jeffposnick
Copy link

As per the SW spec, and summarized at w3c/ServiceWorker#1319 (comment), calls to importScripts() are allowed either during the initial, synchronous, top-level SW execution or during the install event handler.

Chrome doesn't currently follow the spec and allows arbitrary, async importScripts(), but this is a bug that needs to be fixed.

Using this library could lead to folks to inadvertently calls importScripts() in a way that is meant to be disallowed, and (if they only test on Chrome) erroneously thinking that everything works fine because Chrome isn't throwing an exception.
@surma
Copy link
Owner

surma commented Aug 8, 2018

Hm...

Good that you file this. I’ll leave it like this for now as the only alternative would be fetch() + eval(), which is not CSP compliant. I’ll add a note to the README.

@surma surma closed this as completed Aug 8, 2018
@surma surma reopened this Aug 8, 2018
@surma
Copy link
Owner

surma commented Aug 8, 2018

On second thought, I’ll leave this open and think a bit more on what the right course of action is

@surma
Copy link
Owner

surma commented Aug 9, 2018

Fixed in 8cb54b7 by providing an option.

@surma surma closed this as completed Aug 9, 2018
@jeffposnick jeffposnick mentioned this issue May 29, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@surma @jeffposnick