'script-src' was a bit broken for workers.

w3c · Apr 6, 2017 · 20b9193 · 20b9193
1 parent 6b9fdc9
commit 20b9193
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/index.html b/index.html
@@ -1176,7 +1176,8 @@
 		}
 	}
 </style>
-  <meta content="Bikeshed version a65093ce3e69a8d01029b4650499d152cd9bd39a" name="generator">
+  <meta content="Bikeshed version 26ea3a45cb5052b41bc87174096f9f0093d5064f" name="generator">
+  <link href="https://www.w3.org/TR/CSP3/" rel="canonical">
 <style>
   ul.toc ul ul ul {
     margin: 0 0 0 2em;
@@ -1453,7 +1454,7 @@
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" width="72"> </a> </p>
    <h1>Content Security Policy Level 3</h1>
-   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2017-03-23">23 March 2017</time></span></h2>
+   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2017-04-06">6 April 2017</time></span></h2>
    <div data-fill-with="spec-metadata">
     <dl>
      <dt>This version:
@@ -3606,7 +3607,7 @@ <h5 class="heading settled algorithm" data-algorithm="script-src Pre-request che
       <p>If the result of executing <a href="#effective-directive-for-a-request">§6.6.1.11 Get the effective directive for request</a> on <var>request</var> is "<code>worker-src</code>", and <var>policy</var> contains a <a data-link-type="dfn" href="#directives" id="ref-for-directives-26">directive</a> whose <a data-link-type="dfn" href="#directive-name" id="ref-for-directive-name-21">name</a> is "<code>worker-src</code>", return "<code>Allowed</code>".</p>
       <p class="note" role="note"><span>Note:</span> If <code>worker-src</code> is present, we’ll defer to it when handling worker requests.</p>
      <li data-md="">
-      <p>If <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-type">type</a> is "<code>script</code>", and its <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-destination">destination</a> is "<code>subresource</code>":</p>
+      <p>If <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-type">type</a> is "<code>script</code>":</p>
       <ol>
        <li data-md="">
         <p>If the result of executing <a href="#match-nonce-to-source-list">§6.6.1.2 Does nonce match source list?</a> on <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-nonce-metadata">cryptographic nonce metadata</a> and this
@@ -3669,7 +3670,7 @@ <h5 class="heading settled algorithm" data-algorithm="script-src Post-request ch
       <p>If the result of executing <a href="#effective-directive-for-a-request">§6.6.1.11 Get the effective directive for request</a> on <var>request</var> is "<code>worker-src</code>", and <var>policy</var> contains a <a data-link-type="dfn" href="#directives" id="ref-for-directives-27">directive</a> whose <a data-link-type="dfn" href="#directive-name" id="ref-for-directive-name-22">name</a> is "<code>worker-src</code>", return "<code>Allowed</code>".</p>
       <p class="note" role="note"><span>Note:</span> If <code>worker-src</code> is present, we’ll defer to it when handling worker requests.</p>
      <li data-md="">
-      <p>If <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-type">type</a> is "<code>script</code>", and its <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-destination">destination</a> is "<code>subresource</code>":</p>
+      <p>If <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-type">type</a> is "<code>script</code>":</p>
       <ol>
        <li data-md="">
         <p>If the result of executing <a href="#match-nonce-to-source-list">§6.6.1.2 Does nonce match source list?</a> on <var>request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-nonce-metadata">cryptographic nonce metadata</a> and this

diff --git a/index.src.html b/index.src.html
@@ -2478,8 +2478,7 @@ <h5 algorithm id="script-src-pre-request">
 
       Note: If `worker-src` is present, we'll defer to it when handling worker requests.
 
-  2.  If |request|'s <a for="request">type</a> is "`script`", and its
-      <a for="request">destination</a> is "`subresource`":
+  2.  If |request|'s <a for="request">type</a> is "`script`":
 
       1.  If the result of executing [[#match-nonce-to-source-list]] on
           |request|'s <a for="request">cryptographic nonce metadata</a> and this
@@ -2553,8 +2552,7 @@ <h5 algorithm id="script-src-post-request">
 
       Note: If `worker-src` is present, we'll defer to it when handling worker requests.
 
-  2.  If |request|'s <a for="request">type</a> is "`script`", and its
-      <a for="request">destination</a> is "`subresource`":
+  2.  If |request|'s <a for="request">type</a> is "`script`":
 
       1.  If the result of executing [[#match-nonce-to-source-list]] on
           |request|'s <a for="request">cryptographic nonce metadata</a> and this