Re: [CSP] Directive to disallow a response from being used as a Service Worker

On Thu, Jul 24, 2014 at 3:28 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
>>   GET https://raw.githubusercontent.com/worker.js
>>   Content-Security-Policy: sandbox
>>
>> I'd expect the registration to fail since `worker.js` should be
>> considered a separate origin.
>
> That' a pretty cool idea. Currently, sandbox, I believe, only really
> talks about what to do for an html page but but this seems like a
> simple way to disable service worker registration for a particular JS
> file.

I've tried to apply this at
https://github.com/slightlyoff/ServiceWorker/pull/389. It's clearly
not quite the wording we'll want in the long run as there's time to
fix up other specs, but I think it has the right effect for now.

Received on Sunday, 27 July 2014 20:26:18 UTC