Skip to content

[worklets] Provide hook for allowing downstream specs to specify a CSP destination. #378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bfgeek opened this issue Apr 7, 2017 · 4 comments · Fixed by #388
Closed

[worklets] Provide hook for allowing downstream specs to specify a CSP destination. #378

bfgeek opened this issue Apr 7, 2017 · 4 comments · Fixed by #388
Assignees
@bfgeek
Labels
worklets-1

Comments

@bfgeek
Copy link
Contributor

bfgeek commented Apr 7, 2017

For example the css-paint-api spec should provide its worklet with a destination of "paintworklet".

Being more granular probably makes more sense here, instead of just a generic "worklet" destination.
bfgeek added a commit that referenced this issue Apr 7, 2017
@bfgeek
[worklets] Fill in privacy and security sections of worklets.
40f3917 
Fixes #92. (better late than never? ;)

Broadly speaking worklets should be allowed in non-secure contexts as
downstream specs may want to use them there.

CSP wise this should work the same as workers, using the "child-src"
directive. I've filed issue #378 to allow each downstream spec to use a
unique destination, e.g. "paintworklet", "audioworklet", etc.

The CSP spec should probably be extended to have a "worklet-src"
directive (as there is now a "worker-src" directive now?).
@bfgeek bfgeek mentioned this issue Apr 7, 2017
Closed
bfgeek added a commit that referenced this issue Apr 13, 2017
@bfgeek
[worklets] Adds hook for downstream spec to set the destination.
d077773 
Fixes #378.
@bfgeek bfgeek mentioned this issue Apr 13, 2017
Merged
@annevk annevk mentioned this issue Apr 13, 2017
Closed
@bfgeek
Copy link
Contributor Author

bfgeek commented Apr 14, 2017

Sent whatwg/fetch#527 for fetch integration.

@bfgeek
Copy link
Contributor Author

bfgeek commented Apr 14, 2017

And sent w3c/webappsec-csp#205 for CSP integration.

@tabatkins tabatkins removed the ready label Jun 13, 2019
@nhiroki nhiroki mentioned this issue Apr 27, 2020
Closed
@annevk annevk mentioned this issue May 13, 2020
Closed
@padenot
Copy link

padenot commented Jul 7, 2020

What is preventing this to be merged, @bfgeek ? The two PRs above are merged.

@padenot padenot mentioned this issue Jul 7, 2020
Merged
bfgeek added a commit that referenced this issue Jul 8, 2020
@bfgeek
[worklets] Adds hook for downstream spec to set the destination. (#388)
b0a419f 
Fixes #378.
@bfgeek
Copy link
Contributor Author

bfgeek commented Jul 8, 2020

@padenot Done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bfgeek bfgeek

Labels
worklets-1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[worklets] Adds hook for downstream spec to set the destination. w3c/css-houdini-drafts
4 participants
@padenot @tabatkins @bfgeek and others