You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
https://crbug.com/939684 handles this by removing application/signed-exchange from the Accept header on fallback, but @Gregable mentions the possibility of not-checking the signature for a same-origin signed exchange.
This interacts with #397 in that we'll want to make sure the loop prevention works for every reason we might use the fallback URL.
The text was updated successfully, but these errors were encountered:
We also need to remember to check either Service-Worker-Allowed or a similar mechanism to make sure folks don't impersonate a path they're not authoritative for.
https://crbug.com/939684 handles this by removing
application/signed-exchange
from theAccept
header on fallback, but @Gregable mentions the possibility of not-checking the signature for a same-origin signed exchange.This interacts with #397 in that we'll want to make sure the loop prevention works for every reason we might use the fallback URL.
The text was updated successfully, but these errors were encountered: