Hi > > Do people here have opinions on the names we use? I don't have opinions about names, but > non-CSP related uses. It seems to me it still makes sense to share the > vocabulary as per 1) though I could be convinced otherwise I suppose. > Sharing would at least make it easier to design an API as you'd only > need to pass one parameter to Fetch. +1. Sharing vocabulary is better. > 2) We have to carefully consider how large parts of CSP are no longer > effective in the world of service workers. You no longer have the > close tie between an API that initiates the fetch and the response. Where does CSP fall with a SW? Does it run after the SW or before SW? I.e., if SW makes a request to alice.com will the page's CSP apply to that request? If a page makes a request to alice.com, will CSP apply before the request hits the SW? > A service worker can basically handle the network request itself, in > which case the originating page knows about as much as default-src, or > it can default to the network, in which case you could probably still > use a the policy for the fetch context in place as you know the > service worker did not touch anything. Is that useful? I don't understand this paragraph. Can you explain further? thanks DevReceived on Wednesday, 26 March 2014 02:02:47 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC