- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 27 Mar 2014 15:42:47 +0000
- To: Paul Frazee <pfrazee@gmail.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>, Jake Archibald <jakearchibald@google.com>, Alec Flett <alecflett@google.com>, Alex Russell <slightlyoff@google.com>, Jungkee Song <jungkee.song@samsung.com>
On Tue, Mar 25, 2014 at 2:45 PM, Paul Frazee <pfrazee@gmail.com> wrote: > Help clarify this for me: ServiceWorkers would apply security policies by > proxying in the network stack, correct? I don't understand what you mean. > The issue of context is partly what I try to address with the JS API > proposal for CSP [1] which would allow policies to be set on individual > objects, making the Document just one policy-consumer, while ServiceWorker, > for instance, would be another. I think there's an advantage in doing that, > because it stays in the existing framework of CSP, and the policies can > apply to non-networking APIs. I don't quite understand this either. A service worker will have its own CSP. > 1. http://lists.w3.org/Archives/Public/public-webappsec/2014Mar/0078.html -- http://annevankesteren.nl/
Received on Thursday, 27 March 2014 15:43:14 UTC