Dedicated workers loaded from a secure (HTTPS) origin yet instantiated by insecure (non-HTTPS) contexts are no longer considered secure. This results in the following web developer facing changes inside such worker contexts: - `self.isSecureContext` is now `false` - `self.caches` and `self.storageFoundation` are no longer available This aligns Blink behavior with the specification and Gecko.

Motivation

Blink does not respect the HTML specification in this regard, and is incompatible with Gecko.

Specification

Specification link


Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium

Blink>SecurityFeature>SecureContexts


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped/Shipping
  • No signal
  • No signals

Owner

Last updated on 2022-05-14