Open
Bug 1455077
Opened 6 years ago
Updated 2 years ago
investigate where service worker code should call NS_CheckContentLoadPolicy()
Categories
(Core :: DOM: Service Workers, enhancement, P3)
Tracking
NEW
People
(Reporter: bkelly, Unassigned)
References
(Blocks 1 open bug)
Details
Currently we call NS_CheckContentLoadPolicy() explicitly in ServiceWorkerContainer::Register(). In some ways this is unnecessary since we also check this via AsyncOpen2() when first downloading the script. In other ways it's not enough because we don't check the content policy when loading a previously offlined script to spawn a service worker thread. We should investigate what policy we actually want and move the checks to the right place.
Comment 1 • 6 years ago (Reporter)
The existing NS_CheckContentLoadPolicy() stuff was added in bug 1208559. Note, there is still an open spec issue from this: https://github.com/w3c/ServiceWorker/issues/755
See Also: → 1208559
Comment 2 • 6 years ago (Reporter)
And the reason we have the ServiceWorkerContainer::Register() check is to validate CSP. This is tested in: dom/security/test/csp/test_service_worker.html. Unfortunately this needs a document so we have to trust the content process to do it.
Updated•6 years ago
Priority: -- → P3
Updated•2 years ago
Severity: normal → S3