After discussion in https://github.com/whatwg/html/issues/3255 and https://github.com/whatwg/html/pull/4001, Chrome is shipping strict MIME type checks on `importScripts()` in Chrome 71 (https://chromium-review.googlesource.com/c/chromium/src/+/1206270). Intent to Remove thread with discussion and data at https://groups.google.com/a/chromium.org/d/msg/blink-dev/35t5cJQ3J_Q/FH45dl0vAwAJ. It would be lovely if y'all followed suit!
<rdar://problem/46889296>
Chrome and Firefox shipped restrictions on `importScripts()` a little while back. We're now both aiming to tighten it to `new {Shared,Service,}Worker()` as well. Perhaps y'all could weigh in, one way or another, on https://github.com/whatwg/html/issues/3255?
On the surface this seems like a good change. We will definitely dig into this asap!
We've now merged the second stage of this into the HTML spec: adding MIME type checks for HTTP(S) worker scripts. See https://github.com/whatwg/html/pull/5302 and the corresponding tests pull request in https://github.com/web-platform-tests/wpt/pull/24983. Firefox is shipping shortly. data: and blob: URL workers are still not checked.
*** This bug has been marked as a duplicate of bug 236411 ***