- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 17 Aug 2016 09:30:08 +0200
- To: Raymes Khoury <raymes@google.com>
- Cc: Jeffrey Yasskin <jyasskin@google.com>, WebAppSec WG <public-webappsec@w3.org>, Martin Thomson <mt@mozilla.com>, Marcos Caceres <marcos@marcosc.com>, Mounir Lamouri <mlamouri@google.com>, Ben Wells <benwells@google.com>
On Wed, Aug 17, 2016 at 3:55 AM, Raymes Khoury <raymes@google.com> wrote: > Hmm, in my mind we sort of have a store implicitly defined in the spec. Yeah, I'd like it to be more explicit. Defining subsystems in detail has been paying off thus far. > The > key is the entire context of the JS call (including permission, origin, > etc.). Setting a value corresponds to "new information about the user’s > intent". This gives the UA a lot of freedom. I think we can define more > constraints on this boundary if we have consensus (such as the origin one). > WDYT? I think that would be good. And too much freedom leads to everyone having to copy the majority user agent as it determines the programming model around usage, which isn't really good use of our time. E.g., the case comes to mind where Chrome wants to require a user gesture before showing a permission which it then grants persistently by default. Whereas Firefox would like to show permissions without gesture but then not grant them persistently by default. If Chrome starts requiring the gesture and sites adopt the gesture pattern due to Chrome's outreach and such, Firefox is either stuck with two clicks each time or adopting by default persistent permissions. -- https://annevankesteren.nl/
Received on Wednesday, 17 August 2016 07:30:35 UTC