Nice docs by @fugueish on service worker security considerations: https://sites.google.com/a/chromium.org/dev/Home/chromium-security/security-faq/service-worker-security-faq …
And what does signing buy? We can kill-switch bad push senders just as (or more) easily.
-
-
Yeah, not buying that. Google claims to police GCM too. Don't believe in the enumerating badness and IDS fluff.
-
Signing means a compromised server doesn't allow executing code on the user's device and obtaining the data they have stored in that app.