Can I use a ServiceWorker to prevent an XSS attacker from gaining access to private user data?

I run a small blogging platform, and I want my users to be able to embed JavaScript that runs on their blogs (to manipulate the DOM, etc. as you might if you were hosting your own website). However, I do not want them to be able to:

acces…

Does enabling SharedArrayBuffers via service worker headers create Spectre vulnerability?

In browsers, use of SharedArrayBuffer is restricted to sites with the following HTTP headers because otherwise it exposes vulnerabilities to Spectre and Meltdown.
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-…

Does it matter that my browser shows an out-of-date certificate when a website uses service workers?

A website I frequent (a Discourse forum) uses Let’s Encrypt TLS certificates which are updated every two months with a valid period of three months. But the certificate information shown by Chrome says that the certificate is out-of-date a…

Is it possible to directly read a variable from a service worker (ServiceWorkerGlobalScope)?

Is it possible to get the counter variable (ServiceWorkerGlobalScope) from the main thread without using the postMessage method?
service-worker.js:
let counter = 42;

self.addEventListener("message", function (event: any)…

Are web worker / service worker secure environments to store a password, credit card information, access tokens?

If there is a case where I wish to store sensitive data like a password, credit card information, or access tokens:
Are web workers / service workers a secure environment, where such data can not be compromised?
If so, what to do to really…

What measures can be taken to make a site safe again after a hostile service worker is installed in users’ browsers?

So my understanding of Service Workers is that once installed they grant you full control over requests to a domain. If an attacker managed to include their service worker in your site, then for anyone who visited that site the service wor…