Re: CSP, Fetch, and Service Workers

On Tue, Mar 25, 2014 at 2:45 PM, Paul Frazee <pfrazee@gmail.com> wrote:
> Help clarify this for me: ServiceWorkers would apply security policies by
> proxying in the network stack, correct?

I don't understand what you mean.


> The issue of context is partly what I try to address with the JS API
> proposal for CSP [1] which would allow policies to be set on individual
> objects, making the Document just one policy-consumer, while ServiceWorker,
> for instance, would be another. I think there's an advantage in doing that,
> because it stays in the existing framework of CSP, and the policies can
> apply to non-networking APIs.

I don't quite understand this either. A service worker will have its own CSP.


> 1. http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0078.html


-- 
http://annevankesteren.nl/

Received on Thursday, 27 March 2014 15:43:14 UTC