- From: <bugzilla@jessica.w3.org>
- Date: Tue, 19 Aug 2014 15:44:06 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #23 from Mark Watson <watsonm@netflix.com> ---
(In reply to Anne from comment #21)
> (In reply to Mark Watson from comment #17)
> > As with any web API, it is for the UA implementor to take care about what
> > information they expose, to obtain suitable user consent for exposure of
> > information etc. It's not something where the specification needs to dictate
> > to UA implementors.
>
> Actually that is false. A standard can definitely require that an API is
> only exposed on secure origins, even if that API requires further user opt
> in. This protects the end user from potential harm. We have not been good
> with this in the past (e.g. geolocation works on insecure pages), but we
> should be going forward.

I think my statement was in fact true. I did not say that standards "cannot"
require an API to only be exposed to secure origins, I said that it is not
necessary. You might disagree, but that is a matter of opinion, not of fact.

--
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Tuesday, 19 August 2014 15:44:09 UTC