Censorship-circumvention for the config
Currently, all config options are kept in
config.js and imported directly in
service-worker.js, which means it's considered a part of the Service Worker by the browser and only allowed to update via direct HTTPS
We need to be able to fetch updated config settings (by fetching
config.js or via some other means) and update the Service Worker configuration using it. This probably requires going through the cache, and storing specific config options there.
Not all config options can be meaningfully changed this way, however. For example, the set of JS files (and thus, plugins) that is loaded by the Service Worker cannot change without a direct HTTPS
fetch() (which is a limitation imposed by the API specs); if implemented right, their order could be different, however. This could create a situation where a new config requires loading of files that have not been loaded and breaks Samizdat for someone for whom the original site is blocked.
tl;dr this is tricky