- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 13 Nov 2014 11:40:17 +0100
- To: Mike West <mkwst@google.com>
- Cc: David Dorwin <ddorwin@google.com>, Brian Smith <brian@briansmith.org>, Mark Watson <watsonm@netflix.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

On Thu, Nov 13, 2014 at 11:16 AM, Mike West <mkwst@google.com> wrote:
> It's not clear to me where we ended up in that conversation. My suggestion
> was that we allow requests based on the request context: if the user agent
> would block script, then block insecure script requests from a SW. If the
> user agent would display images, don't block insecure image requests from a
> SW.

We have not tied it to the response in some way and then enforce at the API layer that only certain responses can be used, so I don't think that strategy would work, unless we design things differently...

--
https://annevankesteren.nl/

Received on Thursday, 13 November 2014 10:40:44 UTC