On Sep 23, 2016 9:15 PM, "Boris Zbarsky" > Concerns: No one else implements this so far, and it does add one interesting requirement: it requires that shared workers not be shared between secure and insecure contexts. Whichever one creates the shared worker first wins; the other creation attempt throws. It _may_ be better to have an error event here instead of an exception (akin to what we do for origin mismatches on the worker url). It may also turn out that not creating the shared worker in this situation creates a compat issue... So far I haven't been able to figure out a sane way to test whether Chrome does the shared worker thing (which it might do even though it doesn't implement the DOM API).
Some spec discussion for this is here btw: https://github.com/w3c/webappsec/issues/406 To be honest I don't love the order dependent nature of this. If I had my druthers I'd rather just restrict `new SharedWorker()` to secure contexts completely. If you can't use the API from insecure contexts the problem goes away. Given some people think SharedWorker can be removed completely, it might not even be a compat problem. (Safari removed SharedWorker and no one noticed...) By the same argument, though, I should probably just not worry about this API corner case. So looks good to me. Ben _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
