javascript - 是否可以从工作人员那里调用 SubtleCrypto 方法？

Question

我想调用 SubtleCrypto 的方法从一个 worker 。
通常，可以通过窗口上下文中可用的 Crypto.subtle 属性:

例如:window.crypto.subtle.encrypt()
在工作人员中，窗口不可用，但仍然可以通过这种方式访问​​加密:

self.crypto

然而 self.crypto.subtle总是返回未定义。
这是正常行为(例如:出于安全目的禁用)还是有可能从 worker 调用 SubtleCrypto 方法？

我创建了一个重现行为的 JSFiddle here .
我用 Chrome 。

Answer 1

根据 Deprecations and Removals in Chrome 60 :

crypto.subtle now requires a secure origin

The Web Crypto API which has been supported since Chrome 37 has always worked on non-secure origins. Because of Chrome's long-standing policy of preferring secure origins for powerful features, crypto.subtle is now only visible on secure origins.

Intent to Remove | Chromium Bug

以下代码放在 HTTPS 服务器上时，具有 crypto.subtle并且工作得很好

<!DOCTYPE html>
<html>
  <body>
    <input id="start" type="button" value="Start">

    <script>
      function getWorkerJS() {
        var js = `
            onmessage = function(e) {
                var jwkKey = {
                    kty: "oct",
                    k: "lckjnFLIEas7yf65ca6saksjhcajs554s5cajshgGGG"
                };
                crypto.subtle.importKey(
                    "jwk", jwkKey, {name: "AES-CBC"}, true,
                    ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey']
                )
                .then(
                    function (result) {
                        postMessage({ success: true});
                    },
                    function (error) {
                        postMessage({ message: error.message });
                    }
                );
            };
        `;
        var blob = new Blob([js], {"type": "text/plain"});
        return URL.createObjectURL(blob);
      }

      var ww = new Worker(getWorkerJS());

      ww.onmessage = function(msg) {
        console.log(msg.data);
      };

      document.getElementById('start').addEventListener('click', start, false);

      function start() {
        ww.postMessage('start');
      }

    </script>
  </body>
</html>