> On Oct 18, 2017, at 3:30 PM, Mike West wrote:
>
> We do have `worker-src` tests, FWIW:
> https://github.com/w3c/web-platform-tests/tree/master/content-security-policy/worker-src/
>
>
We do have `worker-src` tests, FWIW:
https://github.com/w3c/web-platform-tests/tree/master/content-security-policy/worker-src/.
We'll likely need to adjust things based on the fallback mechanism y'all
are running with (and Chrome will need to drop the weird contortions we
implemented for
> On Oct 18, 2017, at 11:41 AM, James Graham wrote:
>
> On 18/10/17 10:35, Christoph Kerschbaumer wrote:
>>> On Oct 18, 2017, at 11:25 AM, James Graham wrote:
>>>
>>> On 22/09/17 15:18, Christoph Kerschbaumer wrote:
Hey Everyone,
On 18/10/17 10:35, Christoph Kerschbaumer wrote:
On Oct 18, 2017, at 11:25 AM, James Graham wrote:
On 22/09/17 15:18, Christoph Kerschbaumer wrote:
Hey Everyone,
within CSP2 workers used to be governed by the child-src directive [0]. CSP3
introduces the worker-src
> On Oct 18, 2017, at 11:25 AM, James Graham wrote:
>
> On 22/09/17 15:18, Christoph Kerschbaumer wrote:
>> Hey Everyone,
>> within CSP2 workers used to be governed by the child-src directive [0]. CSP3
>> introduces the worker-src directive [1] wich governs Workers,
On 22/09/17 15:18, Christoph Kerschbaumer wrote:
Hey Everyone,
within CSP2 workers used to be governed by the child-src directive [0]. CSP3
introduces the worker-src directive [1] wich governs Workers, SharedWorkers as
well as ServiceWorkers. Please note that the child-src directive has been
I'm not sure I agree with my own comment -- that's an insane fall-back
path. Might ease some backwards compatibility problems, but we don't know
how many of those there will be. But then we have to live with the insanity
forever.
-Dan Veditz
On Mon, Sep 25, 2017 at 1:01 AM, Christoph
On Fri, Sep 22, 2017 at 7:24 AM, Anne van Kesteren wrote:
> > We plan to ship the CSP directive worker-src within Firefox 58.
>
> Will we also start enforcing script-src for workers? It seems good
> that if you restrict script it actually stops all scripts.
>
Yes. That's what
> On Sep 22, 2017, at 4:24 PM, Anne van Kesteren wrote:
>
> On Fri, Sep 22, 2017 at 4:18 PM, Christoph Kerschbaumer
> wrote:
>> We plan to ship the CSP directive worker-src within Firefox 58.
>
> Will we also start enforcing script-src for workers? It
On Fri, Sep 22, 2017 at 4:18 PM, Christoph Kerschbaumer
wrote:
> We plan to ship the CSP directive worker-src within Firefox 58.
Will we also start enforcing script-src for workers? It seems good
that if you restrict script it actually stops all scripts.
--
Hey Everyone,
within CSP2 workers used to be governed by the child-src directive [0]. CSP3
introduces the worker-src directive [1] wich governs Workers, SharedWorkers as
well as ServiceWorkers. Please note that the child-src directive has been
deprecated within CSP3 in favor of worker-src as
11 matches
Mail list logo