"How are sub-domains handled for site-specific exceptions?" - from a browser standpoint, I don't wish to further propagate the notion of "registry controlled domains" which is an unfortunate reality that we currently have with cookies, where browsers try to keep a list of what is a "public suffix" (contains multiple unrelated entities beneath it, such as .com). We have ~6,800 entries in there so far ( http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1) - this is only getting worse now that ICANN has, in a rather questionable move (personal opinion), decided to make the top-level domain namespace a wild west. So, I don't want to say "all subdomains" because we have no idea what that means. Rather, I would prefer to say "A site can request a site-wide exception for its own origin and any other origins that it considers to also be in the same party, e.g. http://www.example.com could request a site-wide exception for http://www.example.com, https://www.example.com, https://example.com, https://mail.example.com, https://www.example.de, http://www.example.de" Sadly, I fear this is going to become nightmarish as sites add and delete origins over time ("Hey, now we're http://search.google!" or "Hey, we just launched example.az" or "newproduct.example.com"). That said, I've got nothing better to offer... -IanReceived on Wednesday, 25 July 2012 15:37:04 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 July 2012 15:37:06 GMT