- From: Jake Archibald <notifications@github.com>
- Date: Mon, 25 Jan 2016 15:35:35 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Received on Monday, 25 January 2016 23:36:03 UTC
I can't quite get my dead around the use cases. > Handling private keys or other sensitive data > Apps that rely on anonymity or encryption, such as TOR or secure messaging How does the current update model prevent this? > ServiceWorkers which verify integrity and authenticity of updates loaded from an untrusted CDN SW scripts are same-origin for security reasons. When you're adding thigns to the cache you can already verify integrity, although CSP is a better mechanism for this. --- Reply to this email directly or view it on GitHub: https://github.com/slightlyoff/ServiceWorker/issues/822#issuecomment-174730434
Received on Monday, 25 January 2016 23:36:03 UTC