From 5259f5003fa4ba3d85132639155677a3ebaf14ef Mon Sep 17 00:00:00 2001 From: Yoshisato Yanagisawa Date: Fri, 3 Jul 2026 02:27:23 +0000 Subject: [PATCH] Redesign Service-Worker-Allowed header extraction This change updates the Service-Worker-Allowed header handling to use modern Fetch primitives. Specifically: 1. Replaced 'extracting header list values' with 'header list/get'. 2. Added an explicit 'isomorphic decode' step for the header value. 3. Moved the failure check to follow the URL parsing step. Fixes #1360 --- index.bs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index 7268a284..7c11b834 100644 --- a/index.bs +++ b/index.bs @@ -2815,13 +2815,12 @@ spec: storage; urlPrefix: https://storage.spec.whatwg.org/ 1. [=Extract a MIME type=] from the |response|'s [=response/header list=]. If this MIME type (ignoring parameters) is not a [=JavaScript MIME type=], then: 1. Invoke [=Reject Job Promise=] with |job| and "{{SecurityError}}" {{DOMException}}. 1. Asynchronously complete these steps with a [=network error=]. - 1. Let |serviceWorkerAllowed| be the result of [=extracting header list values=] given \`Service-Worker-Allowed\` and |response|'s [=response/header list=]. + 1. Let |serviceWorkerAllowed| be the result of [=header list/get=] \`Service-Worker-Allowed\` from |response|'s [=response/header list=]. Note: See the definition of the [=Service-Worker-Allowed=] header in Appendix B: Extended HTTP headers. + 1. If |serviceWorkerAllowed| is not null, then set |serviceWorkerAllowed| to the result of [=isomorphic decode=] |serviceWorkerAllowed|. 1. Set |policyContainer| to the result of creating a policy container from a fetch response given |response|. - 1. If |serviceWorkerAllowed| is failure, then: - 1. Asynchronously complete these steps with a network error. 1. Let |scopeURL| be |registration|'s [=service worker registration/scope url=]. 1. Let |maxScopeString| be null. 1. If |serviceWorkerAllowed| is null, then: @@ -2832,6 +2831,8 @@ spec: storage; urlPrefix: https://storage.spec.whatwg.org/ 1. Else: 1. Let |maxScope| be the result of [=URL parser|parsing=] |serviceWorkerAllowed| using |job|'s [=job/script url=] as the [=base URL=]. + 1. If |maxScope| is failure, then: + 1. Asynchronously complete these steps with a network error. 1. If |maxScope|'s [=url/origin=] is |job|'s [=job/script url=]'s [=url/origin=], then: 1. Set |maxScopeString| to "`/`", followed by the strings in |maxScope|'s [=url/path=] (including empty strings), separated from each other by "`/`". 1. Let |scopeString| be "`/`", followed by the strings in |scopeURL|'s [=url/path=] (including empty strings), separated from each other by "`/`".