- From: Dr Ian Preston <notifications@github.com>
- Date: Wed, 10 Jun 2020 14:03:47 -0700
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 10 June 2020 21:03:59 UTC
Indeed, for protection from spectre et al I'm told we should be using COOP and COEP as well as CSP sandbox - this way we are protected in browsers that don't have out-of-process-iframes as well. However that approach seems to suffer exactly the same problem as here, not being able to serve sub assets from a service worker for a unique origin. The srcworker idea should work in that case too I believe if it is implemented. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/1390#issuecomment-642259571
Received on Wednesday, 10 June 2020 21:03:59 UTC