- From: Mitar <notifications@github.com>
- Date: Fri, 16 Oct 2015 17:10:38 -0700
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Saturday, 17 October 2015 00:11:10 UTC
To allow service worker to verify if new version of the service worker code can be trusted and deny updating, it would be great that when browser decides to update the service worker, it consults existing service worker code to decide if this should be allowed or not (service worker code can verify then the code, signature, etc.). This allows trust on first use security model which then allows controlled updating of the client side code. (Of course, for this to really work, there should also be a way to really request that all requests go through the service worker code and never bypass it.) --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/761
Received on Saturday, 17 October 2015 00:11:10 UTC