- From: Mike West <notifications@github.com>
- Date: Tue, 17 Feb 2015 06:32:04 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Tuesday, 17 February 2015 14:32:34 UTC
My vague solution was to have a Document check CSP both on the outgoing request (before SW intercepts), and on the incoming response (after SW manipulation). To do so, we'd need to know the final URL (or at least the final origin) in order to ensure that the Document-level CSP can actually lock `script-src` down to a certain set of origins. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/607#issuecomment-74675768
Received on Tuesday, 17 February 2015 14:32:34 UTC