Firefox: Service Worker: SecurityError: DOMException: The Operation is insecure

Question

In app.js, I am checking the serviceWorker existence in navigator object and if available then registering the SW.

if ('serviceWorker' in navigator) {
    navigator.serviceWorker.register('./service-worker.js', { scope: './' })
        .then(function(registration) {
            console.log("Service Worker Registered!");
        }).catch(function(err) {
            console.log("Service Worker not registered!", err);
        });
}

When trying to register SW, I receive the below error in Firefox. I also made sure the service-worker.js file is under src directory.

Checking my about:config in Firefox (version 59.0.2) I had service worker and storage api enabled. So that shouldn't be an issue.

PS: The same code works fine on Chrome.

Stef Chäser · Accepted Answer · 2020-02-11T10:10:34.600

25

Did you check the cookie setting in about:preferences#privacy, it must be 'keep until they expire', if you have 'keep until I close firefox' selected sw will not register.

you can find details on this thread: https://bugzilla.mozilla.org/show_bug.cgi?id=1429714

edited Feb 11 '20 at 10:10

answered Mar 29 '18 at 02:46

Stef Chäser

1,911
18
26

1

Where is this setting in firefox developer edition or firefox Quantum, I can't find it in about:preferences#privacy? – Ryan Stone Feb 08 '20 at 16:55
23

If it is Necessary for us as developers to enable these settings in both About:Config & about:preferences#privacy to get Service workers to actually work or register then Won't they be broken or Not register for nearly all users who actually visit the site, seeing as most people who aren't developers wont have these settings enabled? – Ryan Stone Feb 08 '20 at 17:32
I don't know why it is so hard to enable service workers in Firefox. I am using MSW to prototype FE stuff at work and we have been forced to use only chromium browsers for this phase due to the nightmare that makes it impossible for us to enable msw ourselves for prototyping. Imagine if we would be using a service worker in production for production needs? – Arp Jul 05 '23 at 03:33

score 12 · Answer 2 · edited Jan 21 '21 at 01:36

12

The same error message also appears in Firefox, if the serviceworker's file is delivered with a wrong MIME-Type. In that case setting the right MIME-Type fixes the problem. Wrong MIME-Type can happen, if you deliver the serviceworker's file dynamically e.g. using PHP.

Correct MIME-Type must be

Content-Type: application/javascript; charset=UTF-8

edited Jan 21 '21 at 01:36

Gerold Broser

14,080
5
48
107

answered Dec 08 '20 at 19:10

Tom

281
4
7

score 4 · Answer 3 · edited Jan 21 '21 at 01:42

You can keep "Delete cookies and site data when Firefox is closed" checked, as long as you create an exception for your site. (Tested in Firefox 78.0.2):

Delete cookies and site data when Firefox is closed

Click on Manage Permissions... and enter a URL (e.g. localhost:8000). Click Allow, then click Save Changes in the bottom right corner. Service workers (and cookies etc.) should now work for this URL, but not for other URLs.

Developers, note that localhost is not the same as e.g. localhost:8000 (you need to specify the port number).

score 3 · Answer 4 · answered Feb 03 '21 at 06:52

When you serve the service worker file itself, often you will need to host it with a Service-Worker-Allowed http header. If the value of this header does not match what you're trying to register the service worker with in Javascript, or if you are trying to register for a scope that is beyond what the browser considers 'secure', then you will get this error.

Happened to me more than once and I wound up here each time. At the very least I'm helping myself out for next time!

score 2 · Answer 5 · answered Sep 10 '20 at 13:54

2

For Firefox 80, I went to about:Config and verified that dom.serviceWorkers.enabled is set to true

then I went to about:preferences#privacy and unchecked Delete cookies and site data when Firefox is closed, from Mozilla

answered Sep 10 '20 at 13:54

thenewjames

966
2
14
25

score 2 · Answer 6 · answered Dec 22 '21 at 10:03

2

In my case, I deleted all the previous data related to this site (cookies, cache, etc.) Then, Firefox allowed me to register the new service worker.

answered Dec 22 '21 at 10:03

K M

31
1
4

BurninLeo · Answer 7 · 2022-05-07T16:16:59.747

In my case, the error DOMException: The Operation is insecure occured when calling navigator.credentials.create().

Here are a few possible reasons:

The local XAMPP apache was addressed as 127.0.0.1 instead of localhost. The WebAuthn would not like IP addresses.
My environment used HTTP instead of HTTPS.
I used a custom port for HTTP, see "The operation is insecure." On navigator.credentials.create() on firefox using Mailcow

With https://localhost/ and a self-signed (the XAMPP defaults) certificate, instead of http://127.0.0.1:82/, the error was solved.

Firefox: Service Worker: SecurityError: DOMException: The Operation is insecure

7 Answers7

Linked