Dedicated workers should be governed by the Content Security Policy delivered in their script response headers. Chrome incorrectly used to instead apply the Content Security Policy of the owner document. We would like to change chrome's behaviour to adhere to what is specified.
This is sort of a bugfix. We'd like to change chrome's behaviour to adhere to what was agreed on the specification and what other vendors (Firefox mainly) already implement.
Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form
Status in Chromium
Enabled by default
Consensus & Standardization
Last updated on 2022-02-16