- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Thu, 16 May 2013 10:02:06 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- CC: WebAppSec WG <public-webappsec@w3.org>
Received on Thursday, 16 May 2013 17:02:39 UTC
On 5/14/2013 12:08 PM, Anne van Kesteren wrote: > I think it makes more sense to treat opening a worker as creating an > iframe. That works better for the navigation controller scenario as > well (the (shared) worker is governed by the controller that governs > its URL, rather than the document that created it). If not from the document which created it how do you define the CSP for a worker, from a CSP header when it's loaded? In all other cases we're ignoring CSP headers on script files. -Dan Veditz
Received on Thursday, 16 May 2013 17:02:39 UTC