W3C home > Mailing lists > Public > www-tag@w3.org > February 2012

Re: Installing web apps

From: Charles Pritchard <chuck@jumis.com>
Date: Wed, 01 Feb 2012 13:39:19 -0800
Message-ID: <4F29B107.5020909@jumis.com>
To: Tim Berners-Lee <timbl@w3.org>
CC: Marcos Caceres <w3c@marcosc.com>, Ian Hickson <ian@hixie.ch>, public-webapps@w3.org, Thomas Roessler <tlr@w3.org>, "Michael(tm) Smith" <mike@w3.org>, TAG List <www-tag@w3.org>
> I precisely*didn't*  want to get into a detail about whether everyone should use
> widgets or will use widgets -- I want to argue for XMLHTTPRequest
> being designed to be able to be used not only in an untrusted web page,
> but e.g. from an installed widget, or node.js for that matter,
> which means returning a defined error response when the privilege is
> insufficient, instead of faking a network error.
> I've been trying to write code which will work in any of these.

I've been there; even with <img crossorigin> I hit some snags (which 
have since been fixed).
You're going to want an async privilege check ahead of time.

chrome.permissions.getAll is a good example if checking permissions via 
async, early on in the script.

It's reasonable, at this point, to assume that permissions will not be 
restricted once they are granted in the lifetime of the script.
I don't know if that's a reasonable assumption for the future. In the 
future case, you may need to do a permissions check before
any XHR call.

Probably best to do that, too.

When doing polyfill work, async booting is necessary.

-Charles
Received on Wednesday, 1 February 2012 21:39:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:45 GMT