W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: CSP, Fetch, and Service Workers

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 27 Mar 2014 15:42:47 +0000
Message-ID: <CADnb78jbBtfrFUZtgwmC-9zurFPkn8UYAhXoAysQ7ZDNcoaD7Q@mail.gmail.com>
To: Paul Frazee <pfrazee@gmail.com>
Cc: WebAppSec WG <public-webappsec@w3.org>, Jake Archibald <jakearchibald@google.com>, Alec Flett <alecflett@google.com>, Alex Russell <slightlyoff@google.com>, Jungkee Song <jungkee.song@samsung.com>
On Tue, Mar 25, 2014 at 2:45 PM, Paul Frazee <pfrazee@gmail.com> wrote:
> Help clarify this for me: ServiceWorkers would apply security policies by
> proxying in the network stack, correct?

I don't understand what you mean.

> The issue of context is partly what I try to address with the JS API
> proposal for CSP [1] which would allow policies to be set on individual
> objects, making the Document just one policy-consumer, while ServiceWorker,
> for instance, would be another. I think there's an advantage in doing that,
> because it stays in the existing framework of CSP, and the policies can
> apply to non-networking APIs.

I don't quite understand this either. A service worker will have its own CSP.

> 1. http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0078.html

Received on Thursday, 27 March 2014 15:43:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:38 UTC