- From: Ben Kelly <notifications@github.com>
- Date: Tue, 17 Feb 2015 06:51:18 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Tuesday, 17 February 2015 14:51:45 UTC
> My vague solution was to have a Document check CSP both on the outgoing request (before SW intercepts), and on the incoming response (after SW manipulation). To do so, we'd need to know the final URL (or at least the final origin) in order to ensure that the Document-level CSP can actually lock script-src down to a certain set of origins. Does this mean the SW script must set a URL with the correct origin when synthetically creating Response objects to return? --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/607#issuecomment-74678969
Received on Tuesday, 17 February 2015 14:51:45 UTC