From 7cd7668a1f04fa3d606e86c31f09458452fda1bf Mon Sep 17 00:00:00 2001 From: Jungkee Song Date: Mon, 12 Dec 2016 20:38:25 +0900 Subject: [PATCH] Include imported scripts to byte-check This changes the behavior of the service worker script resource comparison. Before this, only the main service worker script was compared to a new version. With this change, all the imported scripts stored in the imported scripts map as well as the main script are inspected against the corresponding network resources (based on the urls.) Note: - Service worker's script resource map has been renamed and moved to service worker's script resource's imported scritps map. - registration's last update check time's always updated whenever the response is fetched from the network (regardless it's a main script or an imported script.) Fixes #839. --- docs/index.bs | 41 ++++- docs/index.html | 375 ++++++++++++++++++++++++++++----------------- docs/v1/index.bs | 41 ++++- docs/v1/index.html | 353 ++++++++++++++++++++++++++---------------- 4 files changed, 529 insertions(+), 281 deletions(-) diff --git a/docs/index.bs b/docs/index.bs index b7fdad7e..c31b8f4f 100644 --- a/docs/index.bs +++ b/docs/index.bs @@ -156,7 +156,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe A script resource has an associated referrer policy (a [=/referrer policy=]). It is initially the empty string. - A [=/service worker=] has an associated script resource map which is an ordered map where the keys are [=/URLs=] and the values are [=/responses=]. + A [=script resource=] has an associated imported scripts map which is an ordered map where the keys are [=/URLs=] and the values are [=/responses=]. A [=/service worker=] has an associated skip waiting flag. Unless stated otherwise it is unset. @@ -2159,10 +2159,10 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Let |response| be the result of fetching |request|. 1. If |response|’s cache state is not "local", set |registration|’s [=service worker registration/last update check time=] to the current time. 1. If |response|'s unsafe response's [=response/type=] is not "error", and |response|'s [=response/status=] is an ok status, then: - 1. [=map/Set=] script resource map[|request|'s [=request/url=]] to |response| + 1. [=map/Set=] |serviceWorker|'s [=script resource=]'s [=script resource/imported scripts map=][|request|'s [=request/url=]] to |response|. 1. Return |response|. 1. Else: - 1. If script resource map[|url|] [=map/exists=], return script resource map[|url|]. + 1. If |serviceWorker|'s [=script resource=]'s [=script resource/imported scripts map=][|url|] [=map/exists=], return |serviceWorker|'s [=script resource=]'s [=script resource/imported scripts map=][|url|]. 1. Else, return a network error. @@ -2190,7 +2190,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe

Privacy

- [=/Service workers=] introduce new persistent storage features including scope to registration map (for [=/service worker registrations=] and their [=/service workers=]), request to response map and name to cache map (for caches), and script resource map (for script resources). In order to protect users from any potential unsanctioned tracking threat, these persistent storages *should* be cleared when users intend to clear them and *should* maintain and interoperate with existing user controls e.g. purging all existing persistent storages. + [=/Service workers=] introduce new persistent storage features including scope to registration map (for [=/service worker registrations=] and their [=/service workers=]), request to response map and name to cache map (for caches), and [=script resource/imported scripts map=] (for script resources). In order to protect users from any potential unsanctioned tracking threat, these persistent storages *should* be cleared when users intend to clear them and *should* maintain and interoperate with existing user controls e.g. purging all existing persistent storages.
@@ -2527,7 +2527,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe Else, continue the rest of these steps after the algorithm's asynchronous completion, with |script| being the asynchronous completion value. - 1. If |newestWorker| is not null, |newestWorker|'s [=service worker/script url=] [=url/equals=] |job|'s [=job/script url=] with the *exclude fragments flag* set, and |script|'s [=source text=] is a byte-for-byte match with |newestWorker|'s [=script resource=]'s [=source text=], if |script| is a [=classic script=], and |script|'s [=module script/module record=]'s \[[ECMAScriptCode]] is a byte-for-byte match with |newestWorker|'s [=script resource=]'s [=module script/module record=]'s \[[ECMAScriptCode]] otherwise, then: + 1. If |newestWorker| is not null, |newestWorker|'s [=service worker/script url=] [=url/equals=] |job|'s [=job/script url=] with the *exclude fragments flag* set, and the result of invoking [=Check If Service Worker Resources Are Identical=] with |newestWorker|'s [=script resource=], |script|, |registration|, and |job| is true, then: 1. Invoke Resolve Job Promise with |job| and the {{ServiceWorkerRegistration}} object which represents |registration|. 1. Invoke Finish Job with |job| and abort these steps. 1. Else: @@ -3222,6 +3222,37 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Return |newestWorker|. +
+

Check If Service Worker Resources Are Identical

+ + : Input + :: |sourceScript|, a [=script=] + :: |targetScript|, a [=script=] + :: |registration|, a [=/service worker registration=] + :: |job|, a [=job=] + : Output + :: True or false, a boolean + + 1. If |sourceScript| and |targetScript| are not both [=classic scripts=] or not both [=module scripts=], return false. + 1. If |sourceScript| is a [=classic script=], then: + 1. If |sourceScript|'s [=source text=] is not a byte-for-byte match with |targetScript|'s [=source text=], return false. + 1. Let |sourceMap| be |sourceScript|'s [=script resource/imported scripts map=]. + 1. [=map/For each=] |url| → |response| of |sourceMap|: + 1. Let |request| be a new [=/request=] whose [=request/url=] is |url|, [=request/client=] is |job|'s [=job/client=], [=request/type=] is "script", [=request/destination=] is "script", [=request/parser metadata=] is "not parser-inserted", [=request/synchronous flag=] is set, and whose [=request/use-URL-credentials flag=] is set. + 1. Set |request|'s [=request/cache mode=] to "no-cache" if any of the following are true: + * |registration|'s [=service worker registration/use cache=] is false. + * |job|'s [=force bypass cache flag=] is set. + * |registration|'s [=last update check time=] is not null and the time difference in seconds calculated by the current time minus |registration|’s [=last update check time=] is greater than 86400. + 1. Let |targetResponse| be the result of [=fetch|fetching=] |request|. + 1. If |targetResponse|'s cache state is not "local", set |registration|’s [=last update check time=] to the current time. + 1. Let |targetResponse| be |targetResponse|'s [=unsafe response=]. + 1. If |targetResponse|'s [=response/type=] is "error", or |targetResponse|'s [=response/status=] is not an [=ok status=], return false. + 1. If the result of [=UTF-8 decoding=] |response|'s [=response/body=] is not a byte-for-byte match with the result of [=UTF-8 decoding=] |targetResponse|'s [=response/body=], return false. + 1. If |sourceScript| is a [=module script=], then: + 1. If |sourceScript|’s [=module script/module record=]'s \[[ECMAScriptCode]] is not a byte-for-byte match with |targetScript|’s [=module script/module record=]'s \[[ECMAScriptCode]], return false. + 1. Return true. +
+

Create Client

diff --git a/docs/index.html b/docs/index.html index fe3e4992..bc4a076d 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1424,7 +1424,7 @@

Service Workers Nightly

-

Editor’s Draft,

+

Editor’s Draft,

This version: @@ -1695,6 +1695,7 @@

Table of Contents

  • Match Service Worker for Foreign Fetch
  • Get Registration
  • Get Newest Worker +
  • Check If Service Worker Resources Are Identical
  • Create Client
  • Create Window Client
  • Query Cache @@ -1757,16 +1758,16 @@

    A script resource has an associated has ever been evaluated flag. It is initially unset.

    A script resource has an associated HTTPS state (an HTTPS state value). It is initially "none".

    A script resource has an associated referrer policy (a referrer policy). It is initially the empty string.

    -

    A service worker has an associated script resource map which is an ordered map where the keys are URLs and the values are responses.

    -

    A service worker has an associated skip waiting flag. Unless stated otherwise it is unset.

    -

    A service worker has an associated imported scripts updated flag. It is initially unset.

    -

    A service worker has an associated set of event types to handle whose element type is an event listener’s event type. It is initially set to null.

    -

    A service worker has an associated list of foreign fetch scopes whose element type is a URL. It is initially empty.

    -

    A service worker has an associated list of foreign fetch origins whose element type is a URL. It is initially empty.

    +

    A script resource has an associated imported scripts map which is an ordered map where the keys are URLs and the values are responses.

    +

    A service worker has an associated skip waiting flag. Unless stated otherwise it is unset.

    +

    A service worker has an associated imported scripts updated flag. It is initially unset.

    +

    A service worker has an associated set of event types to handle whose element type is an event listener’s event type. It is initially set to null.

    +

    A service worker has an associated list of foreign fetch scopes whose element type is a URL. It is initially empty.

    +

    A service worker has an associated list of foreign fetch origins whose element type is a URL. It is initially empty.

    2.1.1. Lifetime

    -

    The lifetime of a service worker is tied to the execution lifetime of events and not references held by service worker clients to the ServiceWorker object.

    -

    A user agent may terminate service workers at any time it:

    +

    The lifetime of a service worker is tied to the execution lifetime of events and not references held by service worker clients to the ServiceWorker object.

    +

    A user agent may terminate service workers at any time it:

    @@ -2346,8 +2347,8 @@

    attribute EventHandler onmessage; // event.source of the message events is Client object }; -

    A ServiceWorkerGlobalScope object represents the global execution context of a service worker. A ServiceWorkerGlobalScope object has an associated service worker (a service worker). A ServiceWorkerGlobalScope object has an associated force bypass cache for importscripts flag. It is initially unset.

    -

    Note: ServiceWorkerGlobalScope object provides generic, event-driven, time-limited script execution contexts that run at an origin. Once successfully registered, a service worker is started, kept alive and killed by their relationship to events, not service worker clients. Any type of synchronous requests must not be initiated inside of a service worker.

    +

    A ServiceWorkerGlobalScope object represents the global execution context of a service worker. A ServiceWorkerGlobalScope object has an associated service worker (a service worker). A ServiceWorkerGlobalScope object has an associated force bypass cache for importscripts flag. It is initially unset.

    +

    Note: ServiceWorkerGlobalScope object provides generic, event-driven, time-limited script execution contexts that run at an origin. Once successfully registered, a service worker is started, kept alive and killed by their relationship to events, not service worker clients. Any type of synchronous requests must not be initiated inside of a service worker.

    4.1.1. clients

    clients attribute must return the Clients object that is associated with the context object.

    @@ -2358,7 +2359,7 @@

    4.1.3. skipWaiting()

    -

    Note: The skipWaiting() method allows this service worker to progress from the registration's waiting position to active even while service worker clients are using the registration.

    +

    Note: The skipWaiting() method allows this service worker to progress from the registration's waiting position to active even while service worker clients are using the registration.

    skipWaiting() method must run these steps:

    1. @@ -2367,7 +2368,7 @@

      An ExtendableEvent object has an associated extend lifetime promises (an array of promises). It is initially an empty array.

      An ExtendableEvent object has an associated extensions allowed flag. It is initially set.

      -

      Service workers have two lifecycle events, install and activate. Service workers use the ExtendableEvent interface for activate event and install event.

      +

      Service workers have two lifecycle events, install and activate. Service workers use the ExtendableEvent interface for activate event and install event.

      Service worker extensions that define event handlers may also use or extend the ExtendableEvent interface.

      -

      Note: To extend the lifetime of a service worker, algorithms that dispatch events using the ExtendableEvent interface run Extend Service Worker Lifetime algorithm after dispatching the event. See Handle Fetch, Handle Foreign Fetch, and Handle Functional Event.

      +

      Note: To extend the lifetime of a service worker, algorithms that dispatch events using the ExtendableEvent interface run Extend Service Worker Lifetime algorithm after dispatching the event. See Handle Fetch, Handle Foreign Fetch, and Handle Functional Event.

      4.4.1. event.waitUntil(f)

      waitUntil() method extends the lifetime of the event.

      @@ -2966,13 +2967,13 @@

      Add f to the extend lifetime promises.

    -

    Service workers and extensions that define event handlers may define their own behaviors, allowing the extend lifetime promises to suggest operation length, and the rejected state of any of the promise in extend lifetime promises to suggest operation failure.

    -

    Service workers define the following behaviors for install event and activate event, respectively:

    +

    Service workers and extensions that define event handlers may define their own behaviors, allowing the extend lifetime promises to suggest operation length, and the rejected state of any of the promise in extend lifetime promises to suggest operation failure.

    +

    Service workers define the following behaviors for install event and activate event, respectively:

  • @@ -3037,9 +3038,9 @@

    -

    Set this service worker's list of foreign fetch scopes to subScopeURLs.

    +

    Set this service worker's list of foreign fetch scopes to subScopeURLs.

  • -

    Set this service worker's list of foreign fetch origins to originURLs.

    +

    Set this service worker's list of foreign fetch origins to originURLs.

  • @@ -3064,7 +3065,7 @@

    boolean isReload = false; }; -

    Service workers have an essential functional event fetch. For fetch event, service workers use the FetchEvent interface which extends the ExtendableEvent interface.

    +

    Service workers have an essential functional event fetch. For fetch event, service workers use the FetchEvent interface which extends the ExtendableEvent interface.

    Each event using FetchEvent interface has an associated potential response (a response), initially set to null, and the following associated flags that are initially unset:

    + +