Open jungkees opened 9 years ago
@mikewest this seems fully resolved in level 3 of the specification.
As mentioned in related SW issue there is a confusing mention in the specification for the ED level 2: https://w3c.github.io/webappsec-csp/2/#child_src
"URL while processing the Worker or SharedWorker constructors"
Can ServiceWorker be added to this sentence also or there is an implication of backdating that to level 2?
I think CSP needs a hook for service workers to enforce a CSP policy. As I understood, adding Run Service Worker in section 5.1. Workers of CSP spec would work in general. I.e. "Whenever a user agent runs a worker or Run Service Worker:" Could you add this? Or any better suggestion?
Related SW issue: https://github.com/slightlyoff/ServiceWorker/issues/378