Discuss the maxScopeString and Service-Worker-Allowed in security considerations #1405
Comments
mfalken
added a commit
to mfalken/ServiceWorker
that referenced
this issue
May 22, 2019
* Require Service-Worker-Allowed to be same-origin to the script URL (w3c#1307) * Add non-normative explanation of Service-Worker-Allowed (w3c#1405) and other mitigations. The text is highly inspired by https://infrequently.org/2014/12/psa-service-workers-are-coming/.
mfalken
added a commit
to mfalken/ServiceWorker
that referenced
this issue
May 29, 2019
* Require Service-Worker-Allowed to be same-origin to the script URL (w3c#1307) * Add non-normative explanation of Service-Worker-Allowed (w3c#1405) and other mitigations. The text is highly inspired by https://infrequently.org/2014/12/psa-service-workers-are-coming/.
mfalken
added a commit
that referenced
this issue
May 29, 2019
* Require Service-Worker-Allowed to be same-origin to the script URL (#1307) * Add non-normative explanation of Service-Worker-Allowed (#1405) and other mitigations. The text is highly inspired by https://infrequently.org/2014/12/psa-service-workers-are-coming/.
|
Thanks, added in #1409. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Service-Worker-Allowedand the maxScopeString in Update exist to protect sites that allow different users to operate within different paths but don't want those users to overwrite each other's content. This could use some discussion in the Security Considerations since it's not particularly obvious that there is this protection or what its limits are.The text was updated successfully, but these errors were encountered: