W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: CSP: workers

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 16 May 2013 10:02:06 -0700
Message-ID: <5195110E.80400@mozilla.com>
To: Anne van Kesteren <annevk@annevk.nl>
CC: WebAppSec WG <public-webappsec@w3.org>
On 5/14/2013 12:08 PM, Anne van Kesteren wrote:
> I think it makes more sense to treat opening a worker as creating an
> iframe. That works better for the navigation controller scenario as
> well (the (shared) worker is governed by the controller that governs
> its URL, rather than the document that created it).

If not from the document which created it how do you define the CSP for 
a worker, from a CSP header when it's loaded? In all other cases we're 
ignoring CSP headers on script files.

-Dan Veditz

Received on Thursday, 16 May 2013 17:02:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:33 UTC