W3C home > Mailing lists > Public > public-geolocation@w3.org > November 2011

Re: Permission on behalf of whom

From: Simon Pieters <simonp@opera.com>
Date: Thu, 10 Nov 2011 16:26:28 +0100
To: public-geolocation <public-geolocation@w3.org>, "Steve Block" <steveblock@google.com>
Message-ID: <op.v4qk6euoidj3kv@simon-pieterss-macbook.local>
On Thu, 10 Nov 2011 15:40:58 +0100, Steve Block <steveblock@google.com>  
wrote:

> Hi Simon,
>
> Note that the Geolocation spec already specifies that the permission
> UI should use the host component of the document's URI [1]. We agreed
> some time ago to use just the host, not the complete origin.

It says "The user interface must include the host component of the  
document's URI [URI]." However, what to show in the UI is not necessarily  
the same as what to use as the "key" when storing the permission. Chrome  
uses origin (actually a pair of origins if the page is embedded in a  
cross-origin iframe), while Firefox uses the domain name, and Opera  
currently uses the domain name also.

> I think you're right that it would be good to clarify the behavior in
> the case where script in one document accesses the Geolocation object
> in another document.
>
>> with "origin" and "entry script" being defined in the HTML spec.
> Do you mean the W3C HTML5 spec [2] ?

Right.

> If I understand this correctly, under your proposal of using 'entry
> script', the relevant host for the purposes of Geolocation permissions
> in your example is that of the outer document.

Yes.

> If the code were ...
>
> window[0].myGetCurrentPositionWrapper();
>
> then the relevant host would be that of window[0]'s document, ie the
> document corresponding to the Geolocation object.

No. "entry script" is still the outer script in this case, I think.

> Thanks,
> Steve
>
> [1] http://dev.w3.org/geo/api/spec-source.html#privacy_for_uas
> [2] http://dev.w3.org/html5/spec/Overview.html#entry-script ?


-- 
Simon Pieters
Opera Software
Received on Thursday, 10 November 2011 15:25:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 22 March 2012 18:13:56 GMT