Re: CSP sandboxing and workers

What would you expect such a table to contain?

Sorry, I don't think I've understood the points around which you've heard
developer confusion, Brad.


Mike West <>
Google+:, Twitter: @mikewest, Cell: +49 162 10 255 91

Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Geschäftsführer: Graham Law, Christine Elizabeth Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)

On Tue, Jun 3, 2014 at 2:47 AM, Oda, Terri <> wrote:

> On Mon, Jun 2, 2014 at 9:04 AM, Brad Hill <> wrote:
>> A wider point of possible confusion here - we need to make sure
>> developers understand they can't use CSP to enforce restrictions like
>> sandboxing on a script file.  (I've had very smart people ask me about
>> this in the past - the model of what is a "resource" from the
>> browser's internals is not immediately obvious to everyone.)
>> (...)
>> Among "JavaScript global environment", "document environment",
>> "dedicated worker environment", "shared worker
>> environment", and "worker environment", where does CSP state live and
>> what loads get to influence it?  Maybe a table would be helpful.
> +1 to the idea of a table.
> While I haven't directly gotten that question, I could definitely see it
> coming up, and I know I have had similar confused questions about same
> origin that seem to be answered most clearly with a table.

Received on Tuesday, 3 June 2014 08:46:17 UTC