by comex 3751 days ago
The default scope is the basename, but you can customize it, can't you?

As I said, the text/javascript Content-Type is another one the CDN is willing to serve if you change the extension. I'm silly and didn't think of the fact that unlike HTML, a JS file can't be random binary garbage with a payload embedded somewhere in the middle. However, I am not sure that some allowed image format doesn't allow putting, say, // close enough to the beginning of the file that it will work. It seems like it might be possible with the JPEG header, but of course it depends on the post-processing done. (Or maybe there is some way to upload non-images?)

1 comments

I seem to remember trying this (passing {scope:'/'} in the register call), and it doesn't work. Some googling seems to agree:

"Service Workers are restricted by the path of the Service Worker script unless the Service-Worker-Scope: header is set" [1]

I do wish the spec required a 'Content-type: text/service-worker', as that would effectively eliminate accidental ServiceWorkers as a threat.

[1] https://infrequently.org/2014/12/psa-service-workers-are-com...

Hmm; I don't see that in the current spec [1], and that link is pretty old. I should test it.

[1] https://slightlyoff.github.io/ServiceWorker/spec/service_wor...
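
The path restriction quoted in this thread, as an added JavaScript example that is not from any commenter or from the spec text: it checks a requested scope against the worker script's directory and an optional widening header (the quote calls it Service-Worker-Scope; later spec drafts name it Service-Worker-Allowed). The function names and the cdn.example URLs are assumptions made up for illustration.

```javascript
// Added illustration: hypothetical helper names, constructed URLs.

// Directory of the worker script: "/uploads/u1/sw.js" -> "/uploads/u1/"
function defaultMaxScope(scriptUrl) {
  const path = new URL(scriptUrl).pathname;
  return path.slice(0, path.lastIndexOf('/') + 1);
}

// Would register(scriptUrl, {scope: requestedScope}) pass the path check?
// allowedHeader: value of the scope-widening response header served with
// the script, or null when the server does not send it.
function scopeAllowed(scriptUrl, requestedScope, allowedHeader = null) {
  const script = new URL(scriptUrl);
  // With no explicit scope, the default is the script's own directory.
  // The URL parser resolves "." and ".." segments before we compare.
  const scope = new URL(requestedScope ?? './', script);
  if (scope.origin !== script.origin) return false;

  let maxPath = defaultMaxScope(scriptUrl);
  if (allowedHeader !== null) {
    const max = new URL(allowedHeader, script);
    if (max.origin !== script.origin) return false;
    maxPath = max.pathname;
  }
  // The scope must sit at or below the maximum allowed path.
  return scope.pathname.startsWith(maxPath);
}

// Constructed cases: a script served from a per-user upload directory.
function demo() {
  const sw = 'https://cdn.example/uploads/u1/sw.js';
  return {
    defaultScope: scopeAllowed(sw),
    subdirectory: scopeAllowed(sw, '/uploads/u1/gallery/'),
    siteRoot: scopeAllowed(sw, '/'),
    dotDotToRoot: scopeAllowed(sw, '/uploads/u1/../../'),
    rootWithHeader: scopeAllowed(sw, '/', '/'),
    otherOrigin: scopeAllowed(sw, 'https://other.example/uploads/u1/'),
  };
}

console.log(demo());
```

Under this check, a script served from an upload directory can claim the site root only when the server itself sends the widening header with it.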