W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2014

Re: [CSP] Directive to disallow a response from being used as a Service Worker

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 29 Jul 2014 18:47:42 +0200
Message-ID: <CADnb78jFgtsfG_+nduVLsFZo=5buQB1H9a73X1PmnQ-Jr+0xcA@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: Joshua Peek <josh@joshpeek.com>, Mike West <mkwst@google.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, Ilya Grigorik <igrigorik@google.com>, Jeffrey Yasskin <jyasskin@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Jake Archibald <jakearchibald@google.com>, Alex Russell <slightlyoff@google.com>
On Tue, Jul 29, 2014 at 6:35 PM, Brad Hill <hillbrad@gmail.com> wrote:
> I think the requirement that service workers be same-origin means that
> content sandboxed to a unique origin not being able to load a service
> worker is a consequence that just naturally falls out.

Elsewhere it was interpreted that the SW resource carrying this header
would have this meaning. I agree that it would probably naturally fall
out from the page resource carrying this header. (I have not checked
the algorithms.)

Received on Tuesday, 29 July 2014 16:48:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC