CSP3: Service Worker "kill switch" #174

Open
joelweinberger opened this issue Feb 11, 2015 · 3 comments

@joelweinberger
Contributor

We should consider whether CSP is the right place to have a "kill switch" that specifies whether a Service Worker should be allowed on the page or not. In w3c/ServiceWorker#614, @annevk suggests that CSP would be a better place to have such control, rather than an explicit Service Worker header. cc @slightlyoff @KenjiBaheux

@mikewest reopened this Feb 12, 2015
@mikewest added this to the CSP 3 milestone Feb 12, 2015
@devd
Contributor

devd commented Feb 13, 2015

I don't know... seems weird. SW is origin (or, uggh, directory) grained while CSP is very much page granularity. And fundamentally, if a SW is already registered, then the SW will catch the load before it hits the server.

Do you mean "Use CSP to say -- don't allow this page to ever register a SW"? Not sure this is good; it might lead people to a false sense of security. The security of SW registration really relies on the script file being same origin and in a particular location (and sending the service-worker header on the request for that script); not on "these are the pages allowed or disallowed to register a SW".

@KenjiBaheux

> And fundamentally, if a SW is already registered, then the SW will catch the load before it hits the server.

I think it's worth pointing out that the user agent will automatically seek updates for a Service Worker script (respecting the max-age directive if it's less than 24 hours). These requests cannot be intercepted by the Service Worker.

The spec also allows the UA to do more frequent checks with soft update.

@joelweinberger
Contributor Author

I was imagining such a kill switch having two effects:

  1. Killing all Service Workers currently running on the origin.
  2. Not allowing a Service Worker to be installed in the current page context.

(1) is probably the less important point because a malicious SW that's already running could, of course, intercept this CSP and modify it to take away the kill switch. (2) seems more interesting to me as it's the usual use of CSP to whitelist allowed content and behavior in the page, in this case, registering SWs.
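
A server-side sketch of two points raised in the comments above: the worker script must live at a particular location and its request carries the service-worker header, and the UA's update check for that script is not intercepted by the running worker, so the server can use it to ship a replacement. This is an added example, not code from the issue or from any spec; `WORKER_PATH`, both worker bodies and `respondToWorkerFetch` are assumptions made for illustration.

```javascript
// Added example: WORKER_PATH, the worker bodies and the function name are assumptions.
const WORKER_PATH = '/sw.js';

// Replacement worker: it has no fetch handler, so it intercepts nothing. On
// activation it clears this origin's caches and removes its own registration.
const KILL_SWITCH_WORKER = [
  "self.addEventListener('install', () => self.skipWaiting());",
  "self.addEventListener('activate', (event) => {",
  "  event.waitUntil(",
  "    caches.keys()",
  "      .then((keys) => Promise.all(keys.map((k) => caches.delete(k))))",
  "      .then(() => self.registration.unregister())",
  "  );",
  "});",
].join('\n');

// Stand-in for the site's real worker.
const NORMAL_WORKER = "self.addEventListener('fetch', () => {});";

// req: { path, headers } with lower-cased header names, as Node's http module exposes them.
// Returns a response description, or null when the request is not worker-related.
function respondToWorkerFetch(req, killSwitchOn) {
  const isWorkerFetch = req.headers['service-worker'] === 'script';
  if (req.path !== WORKER_PATH) {
    // Refuse to serve any other same-origin file (an upload, say) as a worker script.
    return isWorkerFetch ? { status: 403, headers: {}, body: 'not a worker script' } : null;
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript',
      // No HTTP-cache lifetime, so each update check sees the current body.
      'Cache-Control': 'max-age=0',
    },
    body: killSwitchOn ? KILL_SWITCH_WORKER : NORMAL_WORKER,
  };
}

// Constructed sample requests.
const samples = [
  { path: '/sw.js', headers: { 'service-worker': 'script' } },
  { path: '/uploads/user-file.js', headers: { 'service-worker': 'script' } },
  { path: '/index.html', headers: {} },
];
for (const req of samples) {
  const res = respondToWorkerFetch(req, true);
  console.log(req.path, '->', res ? res.status : 'pass through');
}
```

The replacement only takes effect once the UA performs its next update check for the script, so the kill switch is bounded by that schedule rather than immediate.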
