W3C home > Mailing lists > Public > public-geolocation@w3.org > November 2011

Re: Permission on behalf of whom

From: Steve Block <steveblock@google.com>
Date: Thu, 10 Nov 2011 14:40:58 +0000
Message-ID: <CAFun1dogb2k2aMwbLMWktZGmxC+8SXkj_RMxFqywptODrXgb3Q@mail.gmail.com>
To: Simon Pieters <simonp@opera.com>, public-geolocation <public-geolocation@w3.org>
Hi Simon,

Note that the Geolocation spec already specifies that the permission
UI should use the host component of the document's URI [1]. We agreed
some time ago to use just the host, not the complete origin.

I think you're right that it would be good to clarify the behavior in
the case where script in one document accesses the Geolocation object
in another document.

> with "origin" and "entry script" being defined in the HTML spec.
Do you mean the W3C HTML5 spec [2] ?

If I understand this correctly, under your proposal of using 'entry
script', the relevant host for the purposes of Geolocation permissions
in your example is that of the outer document. If the code were ...

window[0].myGetCurrentPositionWrapper();

then the relevant host would be that of window[0]'s document, ie the
document corresponding to the Geolocation object.

Thanks,
Steve

[1] http://dev.w3.org/geo/api/spec-source.html#privacy_for_uas
[2] http://dev.w3.org/html5/spec/Overview.html#entry-script ?
Received on Thursday, 10 November 2011 14:41:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 22 March 2012 18:13:56 GMT