[css-houdini-drafts] Pull Request: [worklets] Fill in privacy and security sections of worklets. from Ian Kilpatrick via GitHub on 2017-04-07 (public-houdini-archive@w3.org from April 2017)

From: Ian Kilpatrick via GitHub <sysbot+gh@w3.org>
Date: Fri, 07 Apr 2017 18:20:30 +0000
To: public-houdini-archive@w3.org
Message-ID: <pull_request.opened-114872491-1491589226-sysbot+gh@w3.org>

bfgeek has just submitted a new pull request for https://github.com/w3c/css-houdini-drafts:

== [worklets] Fill in privacy and security sections of worklets. ==
Fixes #92. (better late than never? ;)

Broadly speaking worklets should be allowed in non-secure contexts as
downstream specs may want to use them there.

CSP wise this should work the same as workers, using the "child-src"
directive. I've filed issue #378 to allow each downstream spec to use a
unique destination, e.g. "paintworklet", "audioworklet", etc.

The CSP spec should probably be extended to have a "worklet-src"
directive (as there is now a "worker-src" directive now?).

See https://github.com/w3c/css-houdini-drafts/pull/379

Received on Friday, 7 April 2017 18:20:36 UTC