Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cause a Content-Security-Policy: sandbox header to unregister the Service Worker at that scriptURL. #389

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

jyasskin
Copy link
Member

Joshua Peek suggested that this should work
(http://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0109.html)
because sandbox gives the resource a unique origin, which combines with
Service Workers' same-origin policy to disallow execution.

See #113 and #224.

@jyasskin
Copy link
Member Author

@annevk Could you say that on the webappsec thread? It might help push them toward agreeing on some dedicated SW CSP header.

…vice Worker at that scriptURL.

Joshua Peek suggested that this should work
(http://lists.w3.org/Archives/Public/public-webappsec/2014Jul/0109.html)
because `sandbox` gives the resource a unique origin, which combines with
Service Workers' same-origin policy to disallow execution.

See w3c#113 and w3c#224.
@annevk
Copy link
Member

annevk commented Jul 29, 2014

@slightlyoff
Copy link
Contributor

Do we have a decision here?

@annevk
Copy link
Member

annevk commented Mar 12, 2015

I don't think we have sandboxing for workers yet or decided what that would mean. As far as unregistering goes I think we decided upon something else, no?

Base automatically changed from master to main February 4, 2021 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants