@jaffathecake I thought the https requirement had been relaxed.
-
-
-
Replying to @jaffathecake
@jaffathecake@tobie are we talking about service worker? if so presumably the security issue is just as bad for appcache? if not, ignore me2 replies 0 retweets 0 likes -
Replying to @andrewsmatt
@andrewsmatt@jaffathecake@tobie : AppCache doesn't have the same power to amplify ownership over huge swaths of URL space1 reply 0 retweets 0 likes -
Replying to @slightlylate
@slightlylate Yes but if the security issue is that it's possible to hijack a domain then baddie only needs to hijack 1 URL eg. / or /login3 replies 0 retweets 0 likes
Replying to @andrewsmatt
@andrewsmatt that collapses the window-of-pwnage to time-to-fix + 1d. Not ideal. Not catastrophic.
7:54 PM - 8 May 2014
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.