W3C home > Mailing lists > Public > public-device-apis-log@w3.org > August 2017

Re: [battery] Allow use from within secure context and top-level browsing context only

From: Ian Clelland via GitHub <sysbot+gh@w3.org>
Date: Thu, 24 Aug 2017 15:00:38 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-324661401-1503586832-sysbot+gh@w3.org>
If we add a directive for battery to the feature policy (which is, as @RByers says, pretty simple to do), I think that the sensible default would be to allow use at the top level, *and in any same-origin children*, and block use in cross origin frames.

That's the stance I'm trying to advocate for new policy-controlled APIs, and we're reframing older ones to work the same way. There's really no point in trying to restrict access from same-origin frames, when they can just reach back up through `parent` to do anything they want anyway.

-- 
GitHub Notification of comment by clelland
Please view or discuss this issue at https://github.com/w3c/battery/issues/10#issuecomment-324661401 using your GitHub account
Received on Thursday, 24 August 2017 15:00:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC