W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: Granting permissions, was Re: Installing web apps

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 01 Feb 2012 15:06:20 -0500
Message-ID: <4F299B3C.7020309@mit.edu>
To: Charles Pritchard <chuck@jumis.com>
CC: public-webapps@w3.org
On 2/1/12 3:02 PM, Charles Pritchard wrote:
> On 2/1/12 11:57 AM, Boris Zbarsky wrote:
>> On 2/1/12 2:39 PM, Charles Pritchard wrote:
>>> Mozilla said they were getting rid of their enable privilege API. I
>>> don't know that they have.
>>
>> It's being removed, slowly. For example, cross-site XHR (modulo
>> whatever CORS allows) is no longer possible even if you
>> enablePrivilege in current Gecko.
>>
>> There may be a different privilege setup eventually, but
>> enablePrivilege in its existing form is not a good API, especially for
>> the web.
>
> So, in Gecko, is cross-site XHR something now specified explicitly in
> the extension manifest?

Extensions in Firefox are a separate ballgame.  They currently always 
run with the same exact permissions (literally; the permissions object 
pointer is the same) as the browser UI itself.  This means they can do 
things that you could never do with enablePrivilege.

> Chrome went ahead with specifying "optional permissions" in the
> manifest, and when those are present in the manifest, they can be
> requested via chrome.permissions.request. It's async, which is nice, and
> is quite different than the synchronous Gecko model.
>
> http://code.google.com/chrome/extensions/trunk/permissions.html

Firefox extensions never have to request permissions.  They always have 
them.

> The special status of "file://" is still a special thing.

It'll go away, as enablePrivilege goes away in general.

-Boris
Received on Wednesday, 1 February 2012 20:06:51 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:50 GMT