Is there any way to set an arbitrary Web page as a WindowClient of a ServiceWorker?

[guest271314]

Is there any way to set an arbitrary Web page as a WindowClient of a ServiceWorker?

[Ben Kelly]

Service workers can only see same-origin documents as a WindowClient.  It should be able to see all same-origin regardless of whether they are controlled by the service worker's scope, though.  (Note, with storage partitioning coming this will also be limited to documents in the same partition.)

On Sat, Dec 3, 2022 at 12:28 PM guest271314 <guest...@gmail.com> wrote:

Is there any way to set an arbitrary Web page as a WindowClient of a ServiceWorker?

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/890510b9-8767-4f31-8fa8-ebcdb52932dcn%40chromium.org.

[guest271314]

That makes it difficult for MV3 extension ServiceWorker's to transfer data to arbitrary Web sites https://github.com/GoogleChrome/chrome-extensions-samples/issues/766. We can use 1) <iframe> element appended to a document, then parent.postMessage(), however, the iframe can be removed from the document by other code; 2) we can use open(), then opener.postMessage(), however, on Chrome the popup Window is always at least 100x100 before extension code can resize and blur; 3) we can use offscreen document with WebRTC data channels, which means loading the resources of an entire Window and Document and using WebRTC https://github.com/GoogleChrome/chrome-extensions-samples/pull/782 (https://github.com/guest271314/offscreen-webrtc) - just to transfer ArrayBuffers - when we should be able to do that without using the former 3 additional resources .

There _has_ to be a way to programmatically set an arbitrary Web page as a WindowClient in the source code, for the purpose of establishing a way to use postMessage() and onmessage.

Where does Chrome set WindowClient in Chromium source code?

 > (Note, with storage partitioning coming this will also be limited to documents in the same partition.)

Kindly link to the proposal, design document and draft specification or implemetation, if any.

[guest271314]

I'm thinking a prompt similar to navigator.permissions.request() to allow a Web page to opt-in to beingset as a WindowClient of a ServiceWorker, both permanently and temporarily for the ability to intercept fetch requests and utilize Client.postMessage(), navigator.serviceWorker.onmessage, navigator.serviceWorker.controller.postMessage() and fetch event.

What are the worst case scenarios for such functionality?

[guest271314]

My formal FUGU explainer https://github.com/guest271314/requestClient/blob/main/README.md.

[guest271314]

>  (Note, with storage partitioning coming this will also be limited to documents in the same partition.)

Sure enough on Chromium 112 ThirdPartyStoragePartitioning is enabled by default which results in a iframe appended to an arbitrary document with src set to chrome-extension: protocol not being set as a WindowClient and navigator.serviceWorker.getRegistrations() returns an empty array. To avoid that behaviour we have to disable Experimental third-party storage partitioning. in chrome:flags or launch with --disable-features=ThirdPartyStoragePartitioning.

Is the goal really to prevent embedded iframe's from being set as a WindowClient, and for documents under an active ServiceWorker scope to not get the registered ServiceWorker for the scope?