Re: CSP, Fetch, and Service Workers

On Thu, Mar 27, 2014 at 3:55 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> I was hoping for something stronger: the absence of child-src would
> not allow a SW. Or heck, even require an explicit "sw-src" or
> something.
>
> But, this would go against the grain of the remaining CSP directives
> so your suggestion makes sense.

Requiring CSP for a new orthogonal feature is too high a bar. I
sympathize with the purported security benefits, but we also need
people to be able to play with technology in a relatively
straightforward manner.


-- 
http://annevankesteren.nl/

Received on Thursday, 27 March 2014 15:31:04 UTC