- From: Jonas Sicking <notifications@github.com>
- Date: Wed, 11 Nov 2015 09:34:49 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Wednesday, 11 November 2015 17:35:16 UTC
FWIW, what I think we should do is: * Treat resources served as "text/css" as "server has indicated that the contents of this file contains no private information" * Add a header like "sec-from: same-origin" which allows a website to easily indicate that a given stylesheet should not be loadable cross-site. The second bullet has been discussed before now but has the nice property that it would actually protect the information debated here on all UAs. Old UAs that don't support the property also don't support SW. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/719#issuecomment-155856198
Received on Wednesday, 11 November 2015 17:35:16 UTC