Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

how to decide if workers are subresources or separate contexts #310

Closed
slightlyoff opened this issue Oct 23, 2018 · 5 comments
Closed

how to decide if workers are subresources or separate contexts #310

slightlyoff opened this issue Oct 23, 2018 · 5 comments

Comments

@slightlyoff
Copy link
Member

WebAppSec fielded a question today that has some implications for our broader review: how do eventual URLs get propagated and inherited? Are there principles behind that? Should they be enunciated?

The specific question related to worker contexts which have to resolve URLs based on the parent document. WebAppSec and the CSP spec would like guidance here.

/cc @mikewest

@mikewest
Copy link

The specific issue we were debating in WebAppSec was whether or not a document's Content Security Policy (and Referrer Policy, et al) should be inherited by a dedicated worker, or whether the dedicated worker ought to be considered a distinct environment entirely with its own policy (which is the model we use for <iframe>, as well as Shared Workers and Service Workers).

Firefox implements the latter model, while Chrome implements the former. This is unfortunate, and we need some help working out the principles at play here.

@torgo torgo changed the title [TPAC][HTML General Review]: how to decide if workers are subresources or separate contexts how to decide if workers are subresources or separate contexts Oct 30, 2018
@dbaron dbaron self-assigned this Oct 30, 2018
@dbaron
Copy link
Member

dbaron commented Sep 10, 2019

We're trying to figure out how relevant this issue still is. @mikewest do you think it is? I suspect that if the TAG needs to do something here, it would be helpful to have some sort of explainer or other written document.

@dbaron dbaron added this to the 2019-10-02-telecon milestone Sep 12, 2019
@annevk
Copy link
Member

annevk commented Sep 25, 2019

This relates to w3ctag/design-principles#111 and whatwg/html#3270. This was discussed at TPAC of which I wrote a summary at whatwg/html#3270 (comment). I think this can be closed at this point.

@plinss
Copy link
Member

plinss commented Oct 2, 2019

Will close here and follow up in w3ctag/design-principles#111

@plinss plinss closed this as completed Oct 2, 2019
@dbaron
Copy link
Member

dbaron commented Oct 2, 2019

We discussed this briefly in today's teleconference and decided that there's probably some documenting of the state of things that should be done, but the open w3ctag/design-principles#111 is a better place to do that than here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants