CSP3: The 'worker-src' directive

Category: Security
Type: New or changed feature
Status: Enabled by default (Chrome 59)
Intent stage: None

Summary

The 'worker-src' directive restricts the URLs which may be loaded as a Worker, SharedWorker, or ServiceWorker. It falls back to 'child-src' (which, in turn, falls back to 'default-src').

Standards & signals

Specification: https://w3c.github.io/webappsec-csp/#directive-worker-src
Firefox: Positive
Safari: No signal
Web developers: No signals
Tracking bug: https://crbug.com/662930

View on chromestatus.com