- From: Doug Turner <doug.turner@gmail.com>
- Date: Mon, 15 Jun 2009 09:13:28 -0700
- To: Andrei Popescu <andreip@google.com>
- Cc: Erik Wilde <dret@berkeley.edu>, "public-geolocation@w3.org" <public-geolocation@w3.org>
On Jun 15, 2009, at 9:10 AM, Andrei Popescu wrote: > On Mon, Jun 15, 2009 at 5:05 PM, Erik Wilde<dret@berkeley.edu> wrote: >> hello doug. >> >> Doug Turner wrote: >>> >>> Mobile Safari (Greg can confirm), Google Gears (including >>> Android), and >>> Firefox 3.5 do not restrict device apis to TLD -- IFRAMEs are >>> allowed to >>> access each geolocation. I suggested we consider restricting >>> these sorts of >>> APIs at the Device Security Workgroup back in December. It was >>> more of a >>> strawman position I took to get feedback, and much of the feedback >>> was >>> considerations around what we would break. >> >> just confirming to understand what's going on: this means when a >> site is >> granted access to location, all 3rd parties behind it will have >> access to >> the user's location as well, right? > > Wrong. Only that site will be granted access to location. Any 3rd > party (i.e. content from any other origin) will have to get permission > from the user separately. > > Andrei > what Andrei said.
Received on Monday, 15 June 2009 16:14:53 UTC