- From: Ángel González <angel@16bits.net>
- Date: Fri, 13 Nov 2015 02:56:27 +0100
- To: public-webappsec@w3.org
Jake Archibald wrote:
> In the perfect connection case, it's highly unlikely that background
> activity would take place, so asking for permission is redundant. But
> by the time you've determined the user doesn't have perfect
> connectivity, you're likely detached from the initiating action, so
> asking for permission isn't useful. Additionally you may be unable to
> ask permission at the pertinent moment, eg the user hits "send" then
> navigates the page.
I'd simply ask for permission before leaving the page.
The user clicks send, and the UA is requested to send a "message".
While the user is still in the page, there's no need to ask for
permissions, since the page is implicitly allowed to perform requests
by being open.
However, when closing the [last] tab, you would get a prompt like this:
«The page webmail.w3.org has a message to mx.w3.org pending. Do you
want $UANAME to send it as soon as it is able to?
[ ] Don't ask me again for w3.org
YES No, discard More info»
I like DKG proposal of an upload dialog. In addition of analysis
of pending activity (which is always good), that would also allow advanced user flows like manually freezing a request that went to an intranet site until you go back to $WORKPLACE or connect to the corporate VPN.
Daniel Kahn Gilmor wrote:
> It's worse than just leaking the user's rough location (via their IP
> address) to the origin. It also potentially provides fingerprintable
> traffic to a network observer when a user connects to a network,
> without the user initiating any action with their browser.
Worst case would probably be a user that rightfully uses tor/VPN to conceal their identity and gets exposed because his browser decided it was in his benefit to send back his analytic session after he closed everything and went back to normal navigation.
Received on Friday, 13 November 2015 01:56:54 UTC