diff --git a/docs/.index.bs.swp b/docs/.index.bs.swp deleted file mode 100644 index 7710f01e..00000000 Binary files a/docs/.index.bs.swp and /dev/null differ diff --git a/docs/index.bs b/docs/index.bs index b19d0bb8..dfe9cc11 100644 --- a/docs/index.bs +++ b/docs/index.bs @@ -122,10 +122,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe } - - - - +

Motivations

@@ -215,13 +212,11 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe

Service Worker Registration

- A service worker registration is a tuple of a [=service worker registration/scope url=] and a set of [=/service workers=], an installing worker, a waiting worker, and an active worker. A user agent *may* enable many [=/service worker registrations=] at a single origin so long as the [=service worker registration/scope url=] of the [=/service worker registration=] differs. A [=/service worker registration=] of an identical [=service worker registration/scope url=] when one already exists in the user agent causes the existing [=/service worker registration=] to be replaced. + A service worker registration is a tuple of an [=environment settings object/origin=], an [=service worker registration/id=], and a set of [=/service workers=]; an installing worker, a waiting worker, and an active worker. A user agent *may* enable many [=/service worker registrations=] at a single origin so long as the [=service worker registration/id=] of the [=/service worker registration=] differs. - A [=/service worker registration=] has an associated origin + A [=/service worker registration=] has an associated origin an [=environment settings object/origin=]. - A [=/service worker registration=] has an associated id. - - A [=/service worker registration=] has an associated scope url (a [=/URL=]). + A [=/service worker registration=] has an associated id. It is initially set to null. A [=/service worker registration=] has an associated installing worker (a [=/service worker=] or null) whose [=service worker/state=] is "`installing`". It is initially set to null. @@ -589,7 +584,13 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe

{{ServiceWorkerRegistration/scope}}

- The scope getter steps are to return the [=ServiceWorkerRegistration/service worker registration=]'s serialized [=service worker registration/scope url=]. + The scope getter steps are: + + 1, Let |oldestWorker| be the result of running [=Get Oldest Worker=] passing |registration| as the argument. + 1. If |oldestWorker| is null, then: + 1. Return null. + 1. Else: + 1. Return |oldestWorker|'s [=service worker/scope url=].
In the example in [[#service-worker-url]], the value of registration.scope, obtained from navigator.serviceWorker.ready.then(registration => console.log(registration.scope)) for example, will be "https://example.com/". @@ -612,7 +613,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. If |newestWorker| is null, return [=a promise rejected with=] an "{{InvalidStateError}}" {{DOMException}} and abort these steps. 1. If [=this=]'s [=relevant global object=] |globalObject| is a {{ServiceWorkerGlobalScope}} object, and |globalObject|'s associated [=ServiceWorkerGlobalScope/service worker=]'s state is "`installing`", return [=a promise rejected with=] an "{{InvalidStateError}}" {{DOMException}} and abort these steps. 1. Let |promise| be a promise. - 1. Let |job| be the result of running Create Job with *update*, |registration|'s [=service worker registration/id=], |newestWorkers|'s [=service worker/scope url=], |newestWorker|'s [=service worker/script url=], |promise|, and the [=this=]'s relevant settings object. + 1. Let |job| be the result of running Create Job with *update*, |registration|'s [=service worker registration/origin=], [=service worker registration/id=], |newestWorkers|'s [=service worker/scope url=], |newestWorker|'s [=service worker/script url=], |promise|, and the [=this=]'s relevant settings object. 1. Set |job|'s worker type to |newestWorker|'s [=service worker/type=]. 1. Invoke Schedule Job with |job|. 1. Return |promise|. @@ -628,7 +629,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Let |promise| be [=a new promise=]. 1. Let |newestWorker| be the result of running Get Newest Worker algorithm passing |registration| as its argument. 1. If |newestWorker| is null, return [=a promise rejected with=] an "{{InvalidStateError}}" {{DOMException}} and abort these steps. - 1. Let |job| be the result of running [=Create Job=] with *unregister*, the [=service worker registration/id=] of the [=ServiceWorkerRegistration/service worker registration=], |newest worker|'s [=service worker/scope url=], null, |promise|, and the [=this=]'s relevant settings object. + 1. Let |job| be the result of running [=Create Job=] with *unregister*, the [=service worker registration/origin=], [=service worker registration/id=] of the [=ServiceWorkerRegistration/service worker registration=], |newest worker|'s [=service worker/scope url=], null, |promise|, and the [=this=]'s relevant settings object. 1. Invoke Schedule Job with |job|. 1. Return |promise|.
@@ -742,7 +743,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
- Note: The {{ServiceWorkerContainer/register(scriptURL, options)}} method creates or updates a [=/service worker registration=] for the given [=service worker registration/scope url=]. If successful, a [=/service worker registration=] ties the provided |scriptURL| to a [=service worker registration/scope url=], which is subsequently used for navigation matching. + Note: The {{ServiceWorkerContainer/register(scriptURL, options)}} method creates or updates a [=/service worker registration=] for the given [=service worker registration/id=]. If successful, a [=/service worker registration=] ties the provided |scriptURL| to a [=service worker/scope url=], which is subsequently used for navigation matching. The register(|scriptURL|, |options|) method steps are: @@ -785,7 +786,6 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Run the following steps [=in parallel=]: 1. Let |registrations| be a new [=list=]. 1. [=map/For each=] |key| → |registration| of [=id to registration map=]: - 1. Let |scope| be |registration|'s [=service worker registration/scope url=], [=URL serializer|serialized=]. 1. If |registration|'s [=service worker registration/origin=] is the [=same origin|same=] as |client|'s [=environment settings object/origin=], then [=append=] |registration| to |registrations|. 1. [=Queue a task=] on |promise|'s [=relevant settings object=]'s [=responsible event loop=], using the [=DOM manipulation task source=], to run the following steps: 1. Let |registrationObjects| be a new [=list=]. @@ -2264,7 +2264,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe *This section is non-normative.* - In addition to the [[#origin-restriction|origin restriction]], service workers are restricted by the [=url/path=] of the service worker script. For example, a service worker script at https://www.example.com/~bob/sw.js can be registered for the [=service worker registration/scope url=] https://www.example.com/~bob/ but not for the scope https://www.example.com/ or https://www.example.com/~alice/. This provides some protection for sites that host multiple-user content in separated directories on the same origin. However, the path restriction is not considered a hard security boundary, as only origins are. Sites are encouraged to use different origins to securely isolate segments of the site if appropriate. + In addition to the [[#origin-restriction|origin restriction]], service workers are restricted by the [=url/path=] of the service worker script. For example, a service worker script at https://www.example.com/~bob/sw.js can be registered for the [=service worker/scope url=] https://www.example.com/~bob/ but not for the scope https://www.example.com/ or https://www.example.com/~alice/. This provides some protection for sites that host multiple-user content in separated directories on the same origin. However, the path restriction is not considered a hard security boundary, as only origins are. Sites are encouraged to use different origins to securely isolate segments of the site if appropriate. Servers can remove the path restriction by setting a [=Service-Worker-Allowed=] header on the service worker script.
@@ -2361,7 +2361,9 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe
A job has a job type, which is one of *register*, *update*, and *unregister*. - A job has a id + A job has an origin. + + A job has an id. A job has a scope url (a [=/URL=]). @@ -2387,12 +2389,13 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe Two jobs are equivalent when their job type is the same and: - * For *register* and *update* jobs, their [=job/scope url=], [=job/script url=], [=job/worker type=], and [=job/update via cache mode=] are the same. - * For *unregister* jobs, their [=job/scope url=] is the same. + * For *register* jobs, their [=job/origin=], [=job/id=], [=job/scope url=], [=job/script url=], [=job/worker type=], and [=job/update via cache mode=] are the same. + * For *update* jobs, their [=job/origin=], [=job/id=], [=job/script url=], [=job/worker type=], and [=job/update via cache mode=] are the same. + * For *unregister* jobs, their [=job/origin=] and [=job/id=] are the same. A job queue is a thread safe [=queue=] used to synchronize the set of concurrent [=jobs=]. The [=job queue=] contains [=jobs=] as its [=queue/items=]. A [=job queue=] is initially empty. - A id to job queue map is an ordered map where the keys are [=service worker registration/ids=] and the values are [=job queues=]. + A id to job queue map is an ordered map where the keys are ([=environment settings object/origin=],[=service worker registration/ids=]) and the values are [=job queues=]. A bad import script response is a [=/response=] for which any of the following conditions are met: @@ -2407,7 +2410,8 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe : Input :: |jobType|, a job type - :: |id|, a [=service worker registration/id=] + :: |origin|, an [=environment settings object/origin=] + :: |id|, an [=service worker registration/id=] :: |scopeURL|, a [=/URL=] :: |scriptURL|, a [=/URL=] :: |promise|, a promise @@ -2417,6 +2421,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Let |job| be a new job. 1. Set |job|'s [=job/job type=] to |jobType|. + 1. Set |job|'s [=job/origin=] to |origin|. 1. Set |job|'s [=job/id=] to |id|. 1. Set |job|'s [=job/scope url=] to |scopeURL|. 1. Set |job|'s [=job/script url=] to |scriptURL|. @@ -2435,9 +2440,11 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe :: none 1. Let |jobQueue| be null. - 1. Let |jobScope| be |job|'s [=job/scope url=], [=URL serializer|serialized=]. - 1. If [=scope to job queue map=][|jobScope|] does not [=map/exist=], [=map/set=] [=scope to job queue map=][|jobScope|] to a new [=job queue=]. - 1. Set |jobQueue| to [=scope to job queue map=][|jobScope|]. + 1. Let |origin| be |job|'s [=job/origin=]. + 1. Let |id| be |job|'s [=job/id=]. + 1. Let |key| be (|origin|,|id|). + 1. If [=id to job queue map=][|key|] does not [=map/exist=], [=map/set=] [=id to job queue map=][|key|] to a new [=job queue=]. + 1. Set |jobQueue| to [=id to job queue map=][|key|]. 1. If |jobQueue| is empty, then: 1. Set |job|'s [=containing job queue=] to |jobQueue|, and [=queue/enqueue=] |job| to |jobQueue|. 1. Invoke [=Run Job=] with |jobQueue|. @@ -2552,7 +2559,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. If |scopeURL|'s [=url/scheme=] is not one of "http" and "https", reject |promise| with a TypeError and abort these steps. 1. If any of the strings in |scopeURL|'s [=url/path=] contains either ASCII case-insensitive "%2f" or ASCII case-insensitive "%5c", reject |promise| with a TypeError and abort these steps. 1. If |id| is null, set |id| to |scopeURL|. - 1. Let |job| be the result of running [=Create Job=] with *register*, |id|, |scopeURL|, |scriptURL|, |promise|, and |client|. + 1. Let |job| be the result of running [=Create Job=] with *register*, |client|' [=service worker client/origin=], |id|, |scopeURL|, |scriptURL|, |promise|, and |client|. 1. Set |job|'s [=job/worker type=] to |workerType|. 1. Set |job|'s [=job/update via cache mode=] to |updateViaCache|. 1. Set |job|'s [=job/referrer=] to |referrer|. @@ -2567,23 +2574,26 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe : Output :: none - 1. If the result of running potentially trustworthy origin with the [=environment settings object/origin=] of |job|'s [=job/script url=] as the argument is Not Trusted, then: + 1. If the result of running potentially trustworthy origin with |job|'s [=job/origin=] as the argument is Not Trusted, then: + 1. Invoke [=Reject Job Promise=] with |job| and "{{SecurityError}}" {{DOMException}}. + 1. Invoke Finish Job with |job| and abort these steps. + 1. If the [=environment settings object/origin=] of |job|'s [=job/script url=] is not |job|'s [=job/origin=], then: 1. Invoke [=Reject Job Promise=] with |job| and "{{SecurityError}}" {{DOMException}}. 1. Invoke Finish Job with |job| and abort these steps. - 1. If the [=environment settings object/origin=] of |job|'s [=job/script url=] is not |job|'s [=job/referrer=]'s [=environment settings object/origin=], then: + 1. If the [=environment settings object/origin=] of |job|'s [=job/scope url=] is not |job|'s [=job/origin=]'s, then: 1. Invoke [=Reject Job Promise=] with |job| and "{{SecurityError}}" {{DOMException}}. 1. Invoke Finish Job with |job| and abort these steps. - 1. If the [=environment settings object/origin=] of |job|'s [=job/scope url=] is not |job|'s [=job/referrer=]'s [=environment settings object/origin=], then: + 1. If the [=environment settings object/origin=] of |job|'s [=job/referrer=] is not |job|'s [=job/origin=]'s, then: 1. Invoke [=Reject Job Promise=] with |job| and "{{SecurityError}}" {{DOMException}}. 1. Invoke Finish Job with |job| and abort these steps. - 1. Let |registration| be the result of running the Get Registration algorithm passing |job|'s [=job/id=] as the argument. + 1. Let |registration| be the result of running the Get Registration algorithm passing |job|'s [=job/origin=] and [=job/id=] as the arguments. 1. If |registration| is not null, then: 1. Let |newestWorker| be the result of running the Get Newest Worker algorithm passing |registration| as the argument. 1. If |newestWorker| is not null, |job|'s [=job/script url=] [=url/equals=] |newestWorker|'s [=service worker/script url=], |job|'s [=job/worker type=] equals |newestWorker|'s [=service worker/type=], and |job|'s [=job/update via cache mode=]'s value equals |registration|'s [=service worker registration/update via cache mode=], then: 1. Invoke [=Resolve Job Promise=] with |job| and |registration|. 1. Invoke Finish Job with |job| and abort these steps. 1. Else: - 1. Invoke Set Registration algorithm with |job|'s [=job/id], |job|'s [=job/scope url=], and |job|'s [=job/update via cache mode=]. + 1. Invoke Set Registration algorithm with |job|'s [=job/origin=], |job|'s [=job/id], and |job|'s [=job/update via cache mode=]. 1. Invoke Update algorithm passing |job| as the argument.
@@ -2595,7 +2605,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe : Output :: none - 1. Let |registration| be the result of running the Get Registration algorithm passing |job|'s [=job/id=] as the argument. + 1. Let |registration| be the result of running the Get Registration algorithm passing |job|'s [=job/origin=] and [=job/id=] as the arguments. 1. If |registration| is null, then: 1. Invoke [=Reject Job Promise=] with |job| and `TypeError`. 1. Invoke Finish Job with |job| and abort these steps. @@ -2743,7 +2753,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Let |newestWorker| be the result of running Get Newest Worker algorithm passing |registration| as its argument. 1. If |newestWorker| is null, abort these steps. - 1. Let |job| be the result of running Create Job with *update*, |registration|'s [=service worker registration/id=], |newestWorker|'s [=service worker/scope url=], |newestWorker|'s [=service worker/script url=], null, and null. + 1. Let |job| be the result of running Create Job with *update*, |registration|'s [=service worker registration/origin=], |registration|'s [=service worker registration/id=], |newestWorker|'s [=service worker/scope url=], |newestWorker|'s [=service worker/script url=], null, and null. 1. Set |job|'s worker type to |newestWorker|'s [=service worker/type=]. 1. Set |job|'s [=force bypass cache flag=] if |forceBypassCache| is true. 1. Invoke Schedule Job with |job|. @@ -2766,7 +2776,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Run the Update Worker State algorithm passing |registration|'s installing worker and "`installing`" as the arguments. 1. Assert: |job|'s [=job/job promise=] is not null. 1. Invoke [=Resolve Job Promise=] with |job| and |registration|. - 1. Let |settingsObjects| be all [=environment settings objects=] whose [=environment settings object/origin=] is |job|'s [=job/scope url=]'s [=url/origin=]. + 1. Let |settingsObjects| be all [=environment settings objects=] whose [=environment settings object/origin=] is |job|'s [=job/origin=]. 1. For each |settingsObject| of |settingsObjects|, [=queue a task=] on |settingsObject|'s [=responsible event loop=] in the [=DOM manipulation task source=] to run the following steps: 1. Let |registrationObjects| be every {{ServiceWorkerRegistration}} object in |settingsObject|'s [=environment settings object/realm=], whose [=ServiceWorkerRegistration/service worker registration=] is |registration|. 1. For each |registrationObject| of |registrationObjects|, [=fire an event=] on |registrationObject| named `updatefound`. @@ -2793,7 +2803,9 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. If |installFailed| is true, then: 1. Run the Update Worker State algorithm passing |registration|'s [=installing worker=] and "`redundant`" as the arguments. 1. Run the Update Registration State algorithm passing |registration|, "installing" and null as the arguments. - 1. If |newestWorker| is null, then [=map/remove=] [=id to registration map=][|registration|'s [=service worker registration/id=]]. + 1. Let |id| be |registration|'s [=service worker registration/id=]. + 1. Let |origin| be |registration|'s [=service worker registration/origin=]. + 1. If |newestWorker| is null, then [=map/remove=] [=id to registration map=][(|origin|,|id|)]. 1. Invoke Finish Job with |job| and abort these steps. 1. Let |map| be |registration|'s [=installing worker=]'s [=script resource map=]. 1. Let |usedSet| be |registration|'s [=installing worker=]'s [=set of used scripts=]. @@ -2832,8 +2844,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe Note: Make sure to design activation handlers to do non-essential work (like cleanup). This is because activation handlers may not all run to completion, especially in the case of browser termination during activation. A Service Worker should be designed to function properly, even if the activation handlers do not all complete successfully. - - 1. Let |matchedClients| be a [=list=] of [=/service worker clients=] whose creation URL matches |registration|'s [=service worker registration/scope url=]. + 1. Let |matchedClients| be a [=list=] of [=/service worker clients=] whose creation URL matches |registration|'s [=active worker=]'s [=service worker/scope url=]. 1. [=list/For each=] |client| of |matchedClients|, [=queue a task=] on |client|'s [=responsible event loop=], using the [=DOM manipulation task source=], to run the following substeps: 1. Let |readyPromise| be |client|'s [=environment settings object/global object=]'s {{ServiceWorkerContainer}} object's [=ServiceWorkerContainer/ready promise=]. 1. If |readyPromise| is null, then [=continue=]. @@ -3167,7 +3178,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe : Output :: None - 1. [=map/For each=] id → |registration| of id to registration map: + 1. [=map/For each=] key → |registration| of id to registration map: 1. If |registration|'s installing worker |installingWorker| is not null, then: 1. If |registration|'s [=waiting worker=] is null and |registration|'s [=active worker=] is null, invoke Clear Registration with |registration| and continue to the next iteration of the loop. 1. Else, set |installingWorker| to null. @@ -3198,14 +3209,14 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe : Output :: none - 1. If the [=environment settings object/origin=] of |job|'s [=job/scope url=] is not |job|'s [=job/client=]'s [=environment settings object/origin=], then: + 1. If |job|'s [=job/origin=] is not |job|'s [=job/client=]'s [=environment settings object/origin=], then: 1. Invoke [=Reject Job Promise=] with |job| and "{{SecurityError}}" {{DOMException}}. 1. Invoke Finish Job with |job| and abort these steps. - 1. Let |registration| be the result of running Get Registration algorithm passing |job|'s [=job/id=] as the argument. + 1. Let |registration| be the result of running Get Registration algorithm passing |job|'s [=job/origin=] and [=job/id=] as the arguments. 1. If |registration| is null, then: 1. Invoke Resolve Job Promise with |job| and false. 1. Invoke Finish Job with |job| and abort these steps. - 1. [=map/Remove=] [=id to registration map=][|job|'s [=job/id=]]. + 1. [=map/Remove=] [=id to registration map=][(|job|'s [=job/origin=],|job|'s [=job/id=])]. 1. Invoke Resolve Job Promise with |job| and true. 1. Invoke [=Try Clear Registration=] with |registration|. @@ -3218,16 +3229,15 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe

Set Registration

: Input + :: |origin|, an [=environment settings object/origin=] :: |id|, an [=service worker registration/id=] - :: |scope|, a [=/URL=] :: |updateViaCache|, an [=service worker registration/update via cache mode=] : Output :: |registration|, a [=/service worker registration=] 1. Run the following steps atomically. 1. Let |scopeString| be [=URL serializer|serialized=] |scope| with the *exclude fragment flag* set. - - 1. Let |registration| be a new [=/service worker registration=] whose [=service worker registration/id=] is set to |id|, [=service worker registration/scope url=] is set to |scope|, and [=service worker registration/update via cache mode=] is set to |updateViaCache|. + 1. Let |registration| be a new [=/service worker registration=] whose [=service worker registration/origin=] is set to |origin|, [=service worker registration/id=] is set to |id|, and [=service worker registration/update via cache mode=] is set to |updateViaCache|. 1. [=map/Set=] id to registration map[|id|] to |registration|. 1. Return |registration|.
@@ -3358,22 +3368,20 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. If |matchingScopeString| is not the empty string, then: 1. Set |matchingScope| to the result of parsing |matchingScopeString|. 1. Assert: |matchingScope|'s [=url/origin=] and |clientURL|'s [=url/origin=] are [=same origin=]. - 1. Let |matchingId| be |scopeMap|[|matchingScopeString|]'s [=service worker registration/id]. - 1. Return the result of running [=Get Registration=] algorithm passing |matchingId| as the argument. + 1. Return |scopeMap|[|matchingScopeString|].

Get Registration

: Input + :: |origin|, a [=environment settings object/origin=] :: |id|, a [=service worker registration/id=] : Output :: A [=/service worker registration=] 1. Run the following steps atomically. - 1. [=map/For each=] |key| → |value| of id to registration map: - 1. If |id| matches |key|, then return |value|. - 1. Return null. + 1. [=map/Get=] (|origin|,|id|) from [=id to registration map=] and return the result.
@@ -3392,6 +3400,22 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe 1. Return |newestWorker|.
+
+

Get Oldest Worker

+ + : Input + :: |registration|, a [=/service worker registration=] + : Output + :: |oldestWorker|, a [=/service worker=] + + 1. Run the following steps atomically. + 1. Let |oldestWorker| be null. + 1. If |registration|'s active worker is not null, set |oldestWorker| to |registration|'s active worker. + 1. Else if |registration|'s waiting worker is not null, set |oldestWorker| to |registration|'s waiting worker. + 1. Else if |registration|'s installing worker is not null, set |oldestWorker| to |registration|'s installing worker. + 1. Return |oldestWorker|. +
+

Service Worker Has No Pending Events

@@ -3606,7 +3630,7 @@ spec: webappsec-referrer-policy; urlPrefix: https://w3c.github.io/webappsec-refe An HTTP response to a [=/service worker=]'s script resource request can include the following header: : \`Service-Worker-Allowed\` - :: Indicates the user agent will override the path restriction, which limits the maximum allowed [=service worker registration/scope url=] that the script can control, to the given value. + :: Indicates the user agent will override the path restriction, which limits the maximum allowed [=service worker/scope url=] that the script can control, to the given value. Note: The value is a URL. If a relative URL is given, it is parsed against the script's URL.