Btw, background sync is the best way to sync user's push notification subscription with a server.
https://twitter.com/philnash/status/805742635843469312 …
Replying to @nekrtemplar
@slightlylate @philnash @code_europe I wonder what XSS attackers think of that cc @garethheyes
3 replies 0 retweets 1 like -
Replying to @manicode @nekrtemplar and
yes it is (forever). Don't you <3 the web moving forward?
1 reply 1 retweet 3 likes -
Replying to @kkotowicz @nekrtemplar and
It's a golden age for attackers; for sure!
1 reply 0 retweets 1 like -
Replying to @manicode
: "forever modulo the time limits and mitigations" wasn't snappy? /cc @kkotowicz @nekrtemplar @philnash @code_europe @garethheyes
3 replies 1 retweet 2 likes -
Replying to @slightlylate
And seriously, what are some of your suggestions for secure service workers? (I have some studying to do...)
1 reply 0 retweets 0 likes -
Replying to @manicode
: services should limit the URLs that can serve SW scripts, for one. Check for the `Service-Worker` header: https://w3c.github.io/ServiceWorker/#service-worker-script-request …
1 reply 2 retweets 4 likes -
Replying to @slightlylate @manicode
next, for sanity, low TTLs on SW scripts
1 reply 1 retweet 2 likes -
Replying to @slightlylate
: and implement (and test!) a SW "kill switch" script that unregisters & clobbers storage.
1 reply 1 retweet 1 like
: eventual solution is: https://w3c.github.io/webappsec-clear-site-data/ …
/cc @mikewest
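
The first three suggestions in the thread (limit which URLs may serve SW scripts by checking the `Service-Worker` header, keep TTLs low, and have a kill-switch script ready), sketched as an added example that is not part of the original tweets. The path `/sw.js`, the 60-second TTL and the names `SW_ALLOWED`, `KILL_SWITCH` and `swPolicy` are assumptions made for illustration.

```javascript
// Added example: hypothetical response policy for an origin that serves
// service worker (SW) scripts. All names and values here are illustrative.
const SW_ALLOWED = new Set(['/sw.js']); // assumed: the only URL allowed to serve a SW script
const SW_MAX_AGE = 60;                  // assumed low TTL, in seconds

// Kill-switch worker: activates immediately, clobbers Cache Storage, unregisters itself.
const KILL_SWITCH = `
self.addEventListener('install', () => self.skipWaiting());
self.addEventListener('activate', (e) => e.waitUntil((async () => {
  for (const k of await caches.keys()) await caches.delete(k);
  await self.registration.unregister();
})()));`;

// Decide how to answer a request. `headers` uses lower-cased names, as Node's
// req.headers does. A null body means "serve the normal file for this path".
function swPolicy(path, headers, { killSwitch = false } = {}) {
  // Browsers send "Service-Worker: script" when fetching a SW script.
  const isSwFetch = (headers['service-worker'] || '').trim().toLowerCase() === 'script';
  if (!isSwFetch) {
    return { status: 200, headers: {}, body: null }; // ordinary request
  }
  if (!SW_ALLOWED.has(path)) {
    // Any other URL on the origin refuses to act as a SW script.
    return { status: 403, headers: { 'Cache-Control': 'no-store' }, body: 'SW scripts are not served here' };
  }
  const out = { 'Content-Type': 'text/javascript', 'Cache-Control': `max-age=${SW_MAX_AGE}` };
  if (killSwitch) {
    out['Cache-Control'] = 'no-store'; // the kill switch itself must never be cached
    return { status: 200, headers: out, body: KILL_SWITCH };
  }
  return { status: 200, headers: out, body: null };
}
```

Testing the kill switch means flipping `killSwitch` in a staging deployment and confirming in the browser that the registration and caches are gone after the next update check.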