Re: [CSP] Directive to disallow a response from being used as a Service Worker from Ilya Grigorik on 2014-07-24 (public-webappsec@w3.org from July 2014)

From: Ilya Grigorik <igrigorik@google.com>
Date: Thu, 24 Jul 2014 10:30:29 -0700
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: Mike West <mkwst@google.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, Joshua Peek <josh@joshpeek.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevankesteren@gmail.com>, Jake Archibald <jakearchibald@google.com>, Alex Russell <slightlyoff@google.com>
Message-ID: <CADXXVKrmigVmfSxOZMUX-pZZZk2V8RzUBJ=VEwhEchS5FHJn8Q@mail.gmail.com>

On Thu, Jul 24, 2014 at 8:52 AM, Jeffrey Yasskin <jyasskin@google.com>
wrote:

> > On Thu, Jul 24, 2014 at 4:04 AM, Devdatta Akhawe <dev.akhawe@gmail.com>
> > wrote:
> >> For request headers, how about a "CH-Context: ServiceWorker"? That makes
> >> more sense to me than "Service-Worker: script" and it also follows the
> >> client hint format.
> >
> > This seems like a reasonable way of pushing the data up to the server,
> and
> > it's probably useful for server-side response prioritization regardless:
> > Ilya? WDYT?
>
> I've spec'ed this suggestion at
> https://github.com/slightlyoff/ServiceWorker/pull/384. Feel free to
> tell us to spec something else, of course.


FWIW, the CH- prefix may be unnecessary and you can simplify it to just
"CSP" and "Context". Some background:
https://github.com/igrigorik/http-client-hints/issues/24

ig

Received on Thursday, 24 July 2014 17:31:37 UTC