Registering for a sync from an iframe?
What do y'all think about sync.register from an iframe or from a service worker with a non-top-level window client? I'm concerned about background sync abuse from third party content.
I assume we're all in violent agreement here? That is, only the main frame should be able to register a sync.
I have two thoughts here -- I think that generally, we probably don't want to allow background work to be initiated by any content that doesn't have a top-level window. If you're not the primary thing that the user is interacting with, then maybe you shouldn't get those kinds of privileges automatically.
The other thought is that by being only a 'best efforts' API, and never making any sort of guarantees to the site about if and when a sync will occur in the background, that we can safely allow a 'foreground only' mode in some situations -- basically anywhere that access would be granted to navigator.connection.onchanged. We could allow any content to register a sync, and it would only fire when the user is actually interacting with that page.
What is the check going to look like if you invoke this from a worker? Or a nested worker?
> What is the check going to look like if you invoke this from a worker? Or a nested worker?
Check if the Service Worker has any main-frame window clients.
I'm not sure that works for a normal worker, though it might, or would those not have access to this API anyway?
You'd need to have some connection to your service worker in order to access serviceWorkerRegistration.sync. Workers should have that through the WorkerNavigator, I think, but I don't know if that's implemented anywhere yet.
In the short term, workers could get around it by posting back to their controlling document, which could register for them, if it is allowed to.
> The other thought is that by being only a 'best efforts' API, and never making any sort of guarantees to the site about if and when a sync will occur in the background, that we can safely allow a 'foreground only' mode in some situations -- basically anywhere that access would be granted to navigator.connection.onchanged. We could allow any content to register a sync, and it would only fire when the user is actually interacting with that page.
Interesting. The advantage here is that if a page that was not designed to be in an iframe is later embedded in one, it will continue to function. The disadvantage is the cognitive load of knowing when onsync will and won't fire.
So is the conclusion here that we do indeed want to limit this API to only be available from an iframe if some top-level browsing context exists for the same origin as well?
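The options discussed in this thread, modeled as an added JavaScript example (not code from any participant, the spec, or a browser): a registration is allowed background sync only if the service worker has a top-level window client, with an optional 'foreground only' fallback. The function names, the policy strings, and the use of `visibilityState === 'visible'` as a stand-in for "the user is interacting with the page" are assumptions made for illustration.

```javascript
// `clients` is shaped like the result of clients.matchAll({ type: 'window' })
// inside a service worker, which only returns clients of the worker's own
// origin. Each entry carries Client.frameType and WindowClient.visibilityState.

// The check proposed in the thread: does the service worker have any
// main-frame (top-level) window client?
function hasTopLevelClient(clients) {
  return clients.some(c => c.frameType === 'top-level');
}

// Hypothetical decision function covering the positions in the thread:
//   'background'      - a top-level client exists, sync may fire at any time
//   'foreground-only' - only nested clients exist, fire only while one is visible
//   'deny'            - reject the registration
function syncPolicy(clients, { allowForegroundOnly = false } = {}) {
  if (hasTopLevelClient(clients)) return 'background';
  if (allowForegroundOnly && clients.length > 0) return 'foreground-only';
  return 'deny';
}

// Whether a registration under the given policy may fire right now.
function mayFireNow(policy, clients) {
  if (policy === 'background') return true;
  if (policy !== 'foreground-only') return false;
  return clients.some(c => c.visibilityState === 'visible');
}

// Constructed sample data: a third-party widget that is only embedded as an
// iframe, and the same origin when the user also has it open in its own tab.
const embeddedOnly = [
  { url: 'https://widget.example/embed', frameType: 'nested', visibilityState: 'visible' },
];
const withOwnTab = embeddedOnly.concat([
  { url: 'https://widget.example/', frameType: 'top-level', visibilityState: 'hidden' },
]);

console.log(syncPolicy(embeddedOnly));                                // strict mode
console.log(syncPolicy(embeddedOnly, { allowForegroundOnly: true })); // fallback mode
console.log(syncPolicy(withOwnTab));                                  // has its own tab
```

A worker that relays the request to its controlling document gets the same answer, because the decision depends only on the service worker's window clients, not on which context made the call.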