
Re: [CSP] Directive to disallow a response from being used as a Service Worker

From: Jeffrey Yasskin <jyasskin@google.com>
Date: Sun, 27 Jul 2014 13:26:32 -0700
Message-ID: <CANh-dX=K21u6y10yO1DCALnGmjh6LiQpCSMJm_Rv6_8HXXEeaA@mail.gmail.com>
To: Ilya Grigorik <igrigorik@google.com>
Cc: Mike West <mkwst@google.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, Joshua Peek <josh@joshpeek.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevankesteren@gmail.com>, Jake Archibald <jakearchibald@google.com>, Alex Russell <slightlyoff@google.com>
On Thu, Jul 24, 2014 at 10:30 AM, Ilya Grigorik <igrigorik@google.com> wrote:
>
> On Thu, Jul 24, 2014 at 8:52 AM, Jeffrey Yasskin <jyasskin@google.com> wrote:
>>
>> > On Thu, Jul 24, 2014 at 4:04 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
>> >> For request headers, how about a "CH-Context: ServiceWorker"? That makes
>> >> more sense to me than "Service-Worker: script" and it also follows the
>> >> client hint format.
>> >
>> > This seems like a reasonable way of pushing the data up to the server, and
>> > it's probably useful for server-side response prioritization regardless:
>> > Ilya? WDYT?
>>
>> I've spec'ed this suggestion at
>> https://github.com/slightlyoff/ServiceWorker/pull/384. Feel free to
>> tell us to spec something else, of course.
>
>
> FWIW, the CH- prefix may be unnecessary and you can simplify it to just
> "CSP" and "Context". Some background:
> https://github.com/igrigorik/http-client-hints/issues/24

I'm happy to apply this suggestion, but it'd be nice to hear some
support for it from other folks on the list.
Received on Sunday, 27 July 2014 20:27:22 UTC
