Re: [whatwg/fetch] Allow service-workers mode to be set in fetch options (#492)

A concern of sorts that was raised on Twitter by colleagues is that this functionality weakens the ability of a service worker to be control of all resources that are loaded over the network by the application.

The application can currently bypass the service worker with WebSocket and if you control that through CSP you can no longer use `fetch()`...

Perhaps we should offer CSP control over whether fetches are allowed to bypass the service worker at all (or perhaps only with a nonce). That might make it slightly easier to control the network without having to inspect all scripts to see whether they use this feature.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/492#issuecomment-286060626

Received on Monday, 13 March 2017 09:51:37 UTC