Re: Intent to ship: CSP directive worker-src

2017-10-30 Thread Christoph Kerschbaumer
> On Oct 18, 2017, at 3:30 PM, Mike West wrote: > > We do have `worker-src` tests, FWIW: > https://github.com/w3c/web-platform-tests/tree/master/content-security-policy/worker-src/ > >

Re: Intent to ship: CSP directive worker-src

2017-10-18 Thread Mike West
We do have `worker-src` tests, FWIW: https://github.com/w3c/web-platform-tests/tree/master/content-security-policy/worker-src/. We'll likely need to adjust things based on the fallback mechanism y'all are running with (and Chrome will need to drop the weird contortions we implemented for

Re: Intent to ship: CSP directive worker-src

2017-10-18 Thread Christoph Kerschbaumer
> On Oct 18, 2017, at 11:41 AM, James Graham wrote: > > On 18/10/17 10:35, Christoph Kerschbaumer wrote: >>> On Oct 18, 2017, at 11:25 AM, James Graham wrote: >>> >>> On 22/09/17 15:18, Christoph Kerschbaumer wrote: Hey Everyone,

Re: Intent to ship: CSP directive worker-src

2017-10-18 Thread James Graham
On 18/10/17 10:35, Christoph Kerschbaumer wrote: On Oct 18, 2017, at 11:25 AM, James Graham wrote: On 22/09/17 15:18, Christoph Kerschbaumer wrote: Hey Everyone, within CSP2 workers used to be governed by the child-src directive [0]. CSP3 introduces the worker-src

Re: Intent to ship: CSP directive worker-src

2017-10-18 Thread Christoph Kerschbaumer
> On Oct 18, 2017, at 11:25 AM, James Graham wrote: > > On 22/09/17 15:18, Christoph Kerschbaumer wrote: >> Hey Everyone, >> within CSP2 workers used to be governed by the child-src directive [0]. CSP3 >> introduces the worker-src directive [1] which governs Workers,

Re: Intent to ship: CSP directive worker-src

2017-10-18 Thread James Graham
On 22/09/17 15:18, Christoph Kerschbaumer wrote: Hey Everyone, within CSP2 workers used to be governed by the child-src directive [0]. CSP3 introduces the worker-src directive [1] which governs Workers, SharedWorkers as well as ServiceWorkers. Please note that the child-src directive has been

Re: Intent to ship: CSP directive worker-src

2017-09-25 Thread Daniel Veditz
I'm not sure I agree with my own comment -- that's an insane fall-back path. Might ease some backwards compatibility problems, but we don't know how many of those there will be. But then we have to live with the insanity forever. -Dan Veditz On Mon, Sep 25, 2017 at 1:01 AM, Christoph

Re: Intent to ship: CSP directive worker-src

2017-09-22 Thread Daniel Veditz
On Fri, Sep 22, 2017 at 7:24 AM, Anne van Kesteren wrote: > > We plan to ship the CSP directive worker-src within Firefox 58. > > Will we also start enforcing script-src for workers? It seems good > that if you restrict script it actually stops all scripts. > Yes. That's what

Re: Intent to ship: CSP directive worker-src

2017-09-22 Thread Christoph Kerschbaumer
> On Sep 22, 2017, at 4:24 PM, Anne van Kesteren wrote: > > On Fri, Sep 22, 2017 at 4:18 PM, Christoph Kerschbaumer > wrote: >> We plan to ship the CSP directive worker-src within Firefox 58. > > Will we also start enforcing script-src for workers? It

Re: Intent to ship: CSP directive worker-src

2017-09-22 Thread Anne van Kesteren
On Fri, Sep 22, 2017 at 4:18 PM, Christoph Kerschbaumer wrote: > We plan to ship the CSP directive worker-src within Firefox 58. Will we also start enforcing script-src for workers? It seems good that if you restrict script it actually stops all scripts. --

Intent to ship: CSP directive worker-src

2017-09-22 Thread Christoph Kerschbaumer
Hey Everyone, within CSP2 workers used to be governed by the child-src directive [0]. CSP3 introduces the worker-src directive [1] which governs Workers, SharedWorkers as well as ServiceWorkers. Please note that the child-src directive has been deprecated within CSP3 in favor of worker-src as