- From: jvanbec <notifications@github.com>
- Date: Sun, 19 Feb 2017 09:04:27 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Sunday, 19 February 2017 17:05:03 UTC
If the browser only accepts a serviceworker with the exact same hash-code I provided, there is no xss-risk imo?
To clarify, I mean something like this:
`navigator.serviceWorker.register('https://remote.domain/serviceworker.js', 'sha256:36413516eb44a9f3894b8e9039c4f1b56477f924d73d3409e061bda8152dccad')`
In my case I have a domain where I store my (almost) static resources which are shared/used in several other domains. It would be very beneficial to be able to also store the serviceworker on that domain.
(I do realize this puts some limitations on the possibilities of the sw, but for me this still outweighs the hassle of propagating and updating identical resources on each individual domain)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/940#issuecomment-280932332
Received on Sunday, 19 February 2017 17:05:03 UTC