W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2014

Re: [CSP] Directive to disallow a response from being used as a Service Worker

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 29 Jul 2014 18:26:27 +0200
Message-ID: <CADnb78h2Sz2j72ANoh6f_yYOCbK5mb7rUdM=3fU5Dr7+WkvzMA@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: Joshua Peek <josh@joshpeek.com>, Mike West <mkwst@google.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, Ilya Grigorik <igrigorik@google.com>, Jeffrey Yasskin <jyasskin@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Jake Archibald <jakearchibald@google.com>, Alex Russell <slightlyoff@google.com>
On Tue, Jul 29, 2014 at 6:19 PM, Brad Hill <hillbrad@gmail.com> wrote:
> Well, a non-same-origin service worker doesn't make sense anyway, and
> neither do any of the current sandbox directives, so I'm not sure
> there is a good case for using sandbox on service workers except in
> this manner to disable them.

Wouldn't a specific header be better in that case? Or maybe if the
page is sandboxed it should not be able to have a service worker?

Received on Tuesday, 29 July 2014 16:26:55 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC