Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Allow CSP headers for worker scripts #2349

Closed
antross opened this issue May 1, 2019 · 0 comments · Fixed by #2618
Closed

[Bug] Allow CSP headers for worker scripts #2349

antross opened this issue May 1, 2019 · 0 comments · Fixed by #2618
Assignees
@sarvaje
Labels
hint-category:security type:bug
Milestone
1906-2

Comments

@antross
Copy link
Member

antross commented May 1, 2019

From @annevk

And Content-Security-Policy is also relevant to workers, which use a JavaScript MIME type (typically).

The worker case is also interesting and not currently covered. I agree webhint should allow this, though if possible still flag the headers when a script is being used somewhere other than a worker. I'll open a separate issue to track updating the implementation.

Originally posted by @antross in #2342 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sarvaje sarvaje

Labels
hint-category:security type:bug
Projects
None yet
Milestone
1906-2
Development

Successfully merging a pull request may close this issue.

Fix no html only headers sarvaje/hint
3 participants
@molant @antross @sarvaje