Re: [CSP] Directive to disallow a response from being used as a Service Worker

>   GET https://raw.githubusercontent.com/worker.js
>   Content-Security-Policy: sandbox
>
> I'd expect the registration to fail since `worker.js` should be
> considered a separate origin.

That' a pretty cool idea. Currently, sandbox, I believe, only really
talks about what to do for an html page but but this seems like a
simple way to disable service worker registration for a particular JS
file.

> Regarding a custom Content-Type for service workers, if we established
> some sort of file extension convention like "foo.serviceworker.js", we
> could configured our /etc/mime.types for GitHub Pages static serving.
>

Exactly. Github itself could establish this as a convention and in all
probability it might become more broadly adopted.

cheers
Dev

Received on Thursday, 24 July 2014 22:29:30 UTC