Re: [slightlyoff/ServiceWorker] Is it possible to serve service workers from CDN/remote origin? (#940) from Jake Archibald on 2016-08-04 (public-webapps-github@w3.org from August 2016)

From: Jake Archibald <notifications@github.com>
Date: Thu, 04 Aug 2016 02:28:16 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/940/237501449@github.com>

Yeah, we're not doing this as it turns a small XSS into a huge long-term issue.

If we allowed something like this, the controlled origin would need to opt into it somehow, maybe via something like CSP. It seems like `importScripts(crossOriginURL)` already provides this opt-in in a much simpler way.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/940#issuecomment-237501449

Received on Thursday, 4 August 2016 09:28:48 UTC