A PSA about the security implications of Service Workers for multi-user sites: https://infrequently.org/2014/12/psa-service-workers-are-coming/ …
/cc @frgx @jaffathecake @metromoxie
Replying to @slightlylate
@slightlylate @KenjiBaheux @frgx @jaffathecake @metromoxie: What happened to the unique MIME type suggestion? I thought we ended up there.
Replying to @mikewest
@mikewest @slightlylate @KenjiBaheux @frgx @metromoxie http://jakearchibald.com/2014/launching-sw-without-breaking-the-web/ … - the path restriction takes care of the vast majority
Replying to @jaffathecake
@mikewest @slightlylate @KenjiBaheux @frgx @metromoxie …without bringing the number of ServiceWorker-compatible hosts down to zero
Replying to @jaffathecake
@jaffathecake @slightlylate @KenjiBaheux: For something like SW, it seems like trading adoption for security would have been reasonable.
Replying to @mikewest
@mikewest @slightlylate @KenjiBaheux we did that with the HTTPS restriction. Also, we enforce a JS mime type. What's still vulnerable?
@mikewest : indeed, we've traded a LOT of usability away for security. This is a corner case and we can change
@KenjiBaheux @jaffathecake