Re: Clarification of CSP sandbox and workers

2014-11-12 Thread Ian Hickson
On Wed, 12 Nov 2014, Mike West wrote:
>
> The CSP spec should just delegate to HTML here. If/when HTML defines
> sandboxing with regard to Workers, CSP will just start using those
> hooks.
>
> I'd agree, for example, that it does appear that sandboxing a worker
> into a unique origin could be i

Re: Clarification of CSP sandbox and workers

2014-11-12 Thread Deian Stefan
+1
Mike West writes:
> The CSP spec should just delegate to HTML here. If/when HTML defines
> sandboxing with regard to Workers, CSP will just start using those hooks.
Reasonable, the issue also appears outside CSP: if I create a worker in a sandboxed iframe, what should its origin be? (Or sho

Re: Clarification of CSP sandbox and workers

2014-11-12 Thread Mike West
The CSP spec should just delegate to HTML here. If/when HTML defines sandboxing with regard to Workers, CSP will just start using those hooks. I'd agree, for example, that it does appear that sandboxing a worker into a unique origin could be interesting. It's not clear to me whether any of the oth

Re: Clarification of CSP sandbox and workers

2014-11-12 Thread Anne van Kesteren
On Thu, Nov 6, 2014 at 5:10 AM, Deian Stefan wrote:
> I am implementing CSP for Workers in Firefox, but like to get a
> clarification on workers and the sandbox flag. Currently, a Worker can
> inherit or be accompanied by a CSP header. As written, the implications
> of the sandbox directive on the