- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Thu, 24 Jul 2014 15:28:40 -0700
- To: Joshua Peek <josh@joshpeek.com>
- Cc: Mike West <mkwst@google.com>, Ilya Grigorik <igrigorik@google.com>, Jeffrey Yasskin <jyasskin@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevankesteren@gmail.com>, Jake Archibald <jakearchibald@google.com>, Alex Russell <slightlyoff@google.com>
> GET https://raw.githubusercontent.com/worker.js > Content-Security-Policy: sandbox > > I'd expect the registration to fail since `worker.js` should be > considered a separate origin. That' a pretty cool idea. Currently, sandbox, I believe, only really talks about what to do for an html page but but this seems like a simple way to disable service worker registration for a particular JS file. > Regarding a custom Content-Type for service workers, if we established > some sort of file extension convention like "foo.serviceworker.js", we > could configured our /etc/mime.types for GitHub Pages static serving. > Exactly. Github itself could establish this as a convention and in all probability it might become more broadly adopted. cheers Dev
Received on Thursday, 24 July 2014 22:29:30 UTC