W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2009

Re: Restricting API access

From: Andrei Popescu <andreip@google.com>
Date: Mon, 15 Jun 2009 17:10:06 +0100
Message-ID: <708552fb0906150910l7259afa9ycd19199fb8312f1a@mail.gmail.com>
To: Erik Wilde <dret@berkeley.edu>
Cc: "public-geolocation@w3.org" <public-geolocation@w3.org>
On Mon, Jun 15, 2009 at 5:05 PM, Erik Wilde<dret@berkeley.edu> wrote:
> hello doug.
>
> Doug Turner wrote:
>>
>> Mobile Safari (Greg can confirm), Google Gears (including Android), and
>> Firefox 3.5 do not restrict device apis to TLD -- IFRAMEs are allowed to
>> access each geolocation.  I suggested we consider restricting these sorts of
>> APIs at the Device Security Workgroup back in December.  It was more of a
>> strawman position I took to get feedback, and much of the feedback was
>> considerations around what we would break.
>
> just confirming to understand what's going on: this means when a site is
> granted access to location, all 3rd parties behind it will have access to
> the user's location as well, right?

Wrong. Only that site will be granted access to location. Any 3rd
party (i.e. content from any other origin) will have to get permission
from the user separately.

Andrei
Received on Monday, 15 June 2009 16:10:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:50:56 UTC