Contact emailsantoniosart...@chromium.org Specification https://html.spec.whatwg.org/#initialize-worker-policy-container https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#csp_in_workers
Summary Dedicated workers should be governed by the Content Security Policy delivered in their script response headers. Chrome incorrectly used to instead apply the Content Security Policy of the owner document. We would like to change chrome's behaviour to adhere to what is specified. For background, see the discussion on the github issue where this was agreed: https://github.com/w3c/webappsec-csp/issues/336 Blink componentBlink>SecurityFeature>ContentSecurityPolicy <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3EContentSecurityPolicy> TAG review TAG review statusNot applicable Risks Interoperability and Compatibility Gecko: Shipped/Shipping See also the discussion on the issue https://github.com/w3c/webappsec-csp/issues/336 WebKit: N/A Web developers: Positive ( https://bugs.chromium.org/p/chromium/issues/detail?id=1012640) This has been reported as a bug to chrome. Debuggability Warnings regarding Content Security Policy are and will continue to be reported in the devtools console. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ?Yes Flag name Requires code in //chrome?False Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1253267 Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5715844005888000 This intent message was generated by Chrome Platform Status <https://www.chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOzWxF5EX2mHofXHLK_V7VTQ5v%3DPcunu_BiF%2BzFJQTFy9DSwTQ%40mail.gmail.com.