how to decide if workers are subresources or separate contexts #310
Comments
The specific issue we were debating in WebAppSec was whether or not a document's Content Security Policy (and Referrer Policy, et al) should be inherited by a dedicated worker, or whether the dedicated worker ought to be considered a distinct environment entirely with its own policy (which is the model we use for Firefox implements the latter model, while Chrome implements the former. This is unfortunate, and we need some help working out the principles at play here.
We're trying to figure out how relevant this issue still is. @mikewest do you think it is? I suspect that if the TAG needs to do something here, it would be helpful to have some sort of explainer or other written document.
This relates to w3ctag/design-principles#111 and whatwg/html#3270. This was discussed at TPAC of which I wrote a summary at whatwg/html#3270 (comment). I think this can be closed at this point.
Will close here and follow up in w3ctag/design-principles#111
We discussed this briefly in today's teleconference and decided that there's probably some documenting of the state of things that should be done, but the open w3ctag/design-principles#111 is a better place to do that than here.
WebAppSec fielded a question today that has some implications for our broader review: how do eventual URLs get propagated and inherited? Are there principles behind that? Should they be enunciated?
The specific question related to worker contexts which have to resolve URLs based on the parent document. WebAppSec and the CSP spec would like guidance here.
/cc @mikewest