SECURE: Note the Shared Worker issue.

mikewest · mikewest · commit 09c2fb2a538c · 2015-09-14T08:16:39.000+02:00
diff --git a/specs/powerfulfeatures/index.html b/specs/powerfulfeatures/index.html
@@ -96,7 +96,7 @@
    <h1 class="p-name no-ref" id="title">Secure Contexts</h1>
   
    <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft,
-    <time class="dt-updated" datetime="2015-09-11">11 September 2015</time></span></h2>
+    <time class="dt-updated" datetime="2015-09-14">14 September 2015</time></span></h2>
   
    <div data-fill-with="spec-metadata">
     <dl>
@@ -625,6 +625,12 @@ <h4 class="heading settled" data-level="1.1.4" id="examples-shared-workers"><spa
     <p>Shared Workers are similar to dedicated Workers, but need to check through
   each of the documents which share them:</p>
 
+
+    <p class="issue" id="issue-c5802c14"><a class="self-link" href="#issue-c5802c14"></a> The current handling of Shared Workers means that
+  the worker’s state will oscillate between secure and insecure based on the
+  documents that attach to it. That will likely confuse developers. Several
+  options for improvements have been suggested in the associated bug. <a href="https://github.com/w3c/webappsec/issues/406">&lt;https://github.com/w3c/webappsec/issues/406></a></p>
+
   
     <div class="example" id="example-7e3c52b5"><a class="self-link" href="#example-7e3c52b5"></a>
     
@@ -1861,6 +1867,10 @@ <h2 class="no-num heading settled" id="idl-index"><span class="content">IDL Inde
 </pre>
   <h2 class="no-num heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
   <div style="counter-reset:issue">
+   <div class="issue"> The current handling of Shared Workers means that
+  the worker’s state will oscillate between secure and insecure based on the
+  documents that attach to it. That will likely confuse developers. Several
+  options for improvements have been suggested in the associated bug. <a href="https://github.com/w3c/webappsec/issues/406">&lt;https://github.com/w3c/webappsec/issues/406></a><a href="#issue-c5802c14"> ↵ </a></div>
    <div class="issue"> WHATWG’s HTML for <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#creation-url">creation URL</a>, as W3C’s doesn’t
             define the primitive we need.<a href="#issue-091ab16c"> ↵ </a></div>
    <div class="issue"> <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-response-https-state">HTTPS state</a> is poorly defined. For example, we should ensure
diff --git a/specs/powerfulfeatures/index.src.html b/specs/powerfulfeatures/index.src.html
@@ -291,6 +291,11 @@ <h4 id="examples-shared-workers">Shared Workers</h4>
   Shared Workers are similar to dedicated Workers, but need to check through
   each of the documents which share them:
 
+  ISSUE(w3c/webappsec#406): The current handling of Shared Workers means that
+  the worker's state will oscillate between secure and insecure based on the
+  documents that attach to it. That will likely confuse developers. Several
+  options for improvements have been suggested in the associated bug.
+
   <div class="example">
     <p>If <code>https://example.com/</code> in a <a>top-level browsing
     context</a> runs <code>https://example.com/worker.js</code> as a Shared
