- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 14 May 2013 12:08:40 -0700
- To: Alex Russell <slightlyoff@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Tue, May 14, 2013 at 9:55 AM, Alex Russell <slightlyoff@google.com> wrote: > If it hasn't been worked out yet, my vote is for "no shared workers under > differing policies". That is to say, if at T0 you open a worker and have a > CSP policy applied, and at T1 you try the same named worker under a > different policy, they are not shared. I think it makes more sense to treat opening a worker as creating an iframe. That works better for the navigation controller scenario as well (the (shared) worker is governed by the controller that governs its URL, rather than the document that created it). -- http://annevankesteren.nl/
Received on Tuesday, 14 May 2013 19:09:07 UTC