Re: [ServiceWorker] SW spec never hooks into the "runs a worker" term that the CSP spec uses to enforce CSPs (#378) from Jungkee Song on 2015-08-07 (public-webapps-github@w3.org from August 2015)

From: Jungkee Song <notifications@github.com>
Date: Fri, 07 Aug 2015 01:00:52 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/378/128631316@github.com>

I brought the text from CSP spec to SW Security Considerations section for now: https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#content-security. When things are settled on CSP.next, we may just link to CSP. Note that the origin's globally unique identifier check step is omitted as the script's origin should not be a globally unique identifier once it gets to the point where it can invoke Run Service Worker algorithm.

Closing.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/378#issuecomment-128631316

Received on Friday, 7 August 2015 08:01:20 UTC