Dedicated workers loaded from a secure (HTTPS) origin yet instantiated by insecure (non-HTTPS) contexts are no longer considered secure. This results in the following web developer facing changes inside such worker contexts: - `self.isSecureContext` is now `false` - `self.caches` and `self.storageFoundation` are no longer available This aligns Blink behavior with the specification and Gecko.
Motivation
Blink does not respect the HTML specification in this regard, and is incompatible with Gecko.
Specification
Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form
Status in Chromium
Blink>SecurityFeature>SecureContexts
Enabled by default
(tracking bug)
Consensus & Standardization
- Shipped/Shipping
- No signal
- No signals
Owner
Last updated on 2022-05-14