Re: [whatwg/fetch] Editorial: correct CSP column (#588)

mikewest approved this pull request.

> This is an attempt to make the table under https://fetch.spec.whatwg.org/#concept-request-destination more accurate.

LGTM, thanks!

> The directive for reports is still unclear to me.

If you have ideas, it's worth discussing them. CSP doesn't control CSP reporting destinations, as the policy itself seems like a reasonable control on whether reporting happens. Reporting API (and similar: `Expect-CT`, NEL, etc.) happen outside the context of any single document, so there's no policy to apply. This might change in a world with origin-bound policies, but status quo, there's no control offered via CSP.

> I'm guessing downloads and normal navigation are both simply not a thing?

`navigate-to` is a WIP that might end up addressing one or both of these, depending on what we end up deciding to do.

> @@ -873,15 +873,15 @@ not always relevant and might require different behavior.
    <td>HTML's <code>&lt;script></code>, <code>importScripts()</code>
   <tr>
    <td>"<code>serviceworker</code>"
-   <td>?
+   <td><code>child-src</code>, <code>script-src</code>, <code>worker-src</code>
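
Review bot: The new "serviceworker" cell lists child-src, script-src and worker-src in alphabetical order with nothing to say how they relate, so a reader of the table cannot tell whether all three have to allow the request or whether one takes precedence over the others. Consider ordering them the way CSP consults them, or adding a short note or a link to the CSP definition next to the table, so the row is not read as three independent checks.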

`child-src` is ostensibly deprecated, but until any browser other than Chrome implements `worker-src` with the new inheritance structure, I guess you're right that it's worth keeping it in this list.

https://github.com/whatwg/fetch/pull/588#pullrequestreview-58965372

Received on Monday, 28 August 2017 14:52:03 UTC