Re: [CSP] Directive to disallow a response from being used as a Service Worker

I think the requirement that service workers be same-origin means that
content sandboxed to a unique origin not being able to load a service
worker is a consequence that just naturally falls out.

I don't know that we want to specifically make it more restrictive
than that, because there are proposals floating around to sandbox
named sub-origins that could be shared by several resources, in which
case I could easily imagine service workers being used within those.

On Tue, Jul 29, 2014 at 9:26 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Tue, Jul 29, 2014 at 6:19 PM, Brad Hill <hillbrad@gmail.com> wrote:
>> Well, a non-same-origin service worker doesn't make sense anyway, and
>> neither do any of the current sandbox directives, so I'm not sure
>> there is a good case for using sandbox on service workers except in
>> this manner to disable them.
>
> Wouldn't a specific header be better in that case? Or maybe if the
> page is sandboxed it should not be able to have a service worker?
>
>
> --
> http://annevankesteren.nl/

Received on Tuesday, 29 July 2014 16:35:43 UTC