- From: Jeffrey Yasskin <jyasskin@google.com>
- Date: Sun, 27 Jul 2014 13:25:31 -0700
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Joshua Peek <josh@joshpeek.com>, Mike West <mkwst@google.com>, Ilya Grigorik <igrigorik@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevankesteren@gmail.com>, Jake Archibald <jakearchibald@google.com>, Alex Russell <slightlyoff@google.com>
On Thu, Jul 24, 2014 at 3:28 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: >> GET https://raw.githubusercontent.com/worker.js >> Content-Security-Policy: sandbox >> >> I'd expect the registration to fail since `worker.js` should be >> considered a separate origin. > > That' a pretty cool idea. Currently, sandbox, I believe, only really > talks about what to do for an html page but but this seems like a > simple way to disable service worker registration for a particular JS > file. I've tried to apply this at https://github.com/slightlyoff/ServiceWorker/pull/389. It's clearly not quite the wording we'll want in the long run as there's time to fix up other specs, but I think it has the right effect for now.
Received on Sunday, 27 July 2014 20:26:18 UTC