- From: Harald Alvestrand <notifications@github.com>
- Date: Wed, 04 May 2016 01:41:23 -0700
- To: w3c/permissions <permissions@noreply.github.com>
- Cc:
Received on Wednesday, 4 May 2016 08:44:12 UTC
About the key for the store (request origin vs top level origin vs both): The WEBRTC WG had a long discussion on this, and concluded that granting access to a request origin independent of top level origin was not viable; it would allow any app that got permission somehow to utilize that permission in all contexts (think "one-pixel tracker gif with a microphone"). So one version of our spec required double keying (any new combination of top-level origin and request origin had to request permission separately). After that version, we were informed about an initiative to push for granting permissions in general to top-level origins only and require explicit delegation for the permission to be usable by embedded iframes; that's where people's heads seem to be at the moment. I'd love to have the decision on that be made for the platform, not for each spec on its own. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/pull/91#issuecomment-216788727
Received on Wednesday, 4 May 2016 08:44:12 UTC