- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 07 May 2015 03:00:14 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Thursday, 7 May 2015 10:00:41 UTC
The use case here is to allow a service worker to make a fetch just like `<img>` can with equivalent effects. This requires an opaque response that can only be used by features that can legitimately set the same context as otherwise CSP could be circumvented. E.g. if a page were only allowed to fetch images this could be used to fetch "an image" and instead use the result for something else. I think do this properly I need @mikewest to finish the CSP rewrite in terms of Fetch. And we need to fix the SW and CSP issue: https://github.com/w3c/webappsec/issues/227 --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/48
Received on Thursday, 7 May 2015 10:00:41 UTC