Re: CSP sandboxing and workers

From: Mike West <mike@mikewest.org>
Date: Sun, 1 Jun 2014 11:46:44 +0200
Message-ID: <CAJToGzNYUCmm1gWHpgENg+5aEqOx1vmHTC9kwbxj_=AxooLOLw@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WebAppSec WG <public-webappsec@w3.org>, Ian Hickson <ian@hixie.ch>

I could certainly see value in sandboxing a worker, at least for the
'allow-same-origin' bits. I'm not sure how applicable the other flags are.

-mike


On Sun, Jun 1, 2014 at 10:04 AM, Anne van Kesteren <annevk@annevk.nl> wrote:

> We should note in the specification that sandboxing only has effect
> when CSP applies to a global environment associated with a browsing
> context. It wouldn't apply to workers or e.g. a document fetched
> through XMLHttpRequest.
>
> However, we might want to have it apply to workers, maybe we should
> introduce that?
>
>
> --
> http://annevankesteren.nl/
>
>
Received on Sunday, 1 June 2014 09:47:42 UTC