W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2009

ISSUE-9 (restricted-access): Restricting API Access [GeoAPI V1]

From: Geolocation Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 15 Jun 2009 17:38:56 +0000 (GMT)
To: public-geolocation@w3.org
Message-Id: <20090615173856.078457F46F@otto.w3.org>

ISSUE-9 (restricted-access): Restricting API Access [GeoAPI V1]


Raised by: Matt Womer
On product: GeoAPI V1

Doug Turner had an idea that should be tracked [1]:

"got some feedback on this.  this isn't how it works today, but I think it is the way it should work in the future. Even more so, I have been considering restricting device apis (like geolocation) to top level documents only and prevent iframes from accessing this APIs.  I did get some push back in Dec when I suggested this at our w3c devices workshop (are the notes anywhere for this? thomas?).  This will break many of the sites like igoogle and others that embed content from remote origins.  However such sites, could use something like PostMessage to explicitly send data.

Is this an overkill? Thoughts?"

We've split discussion of the idea out into a separate thread [2].

[1] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0053.html

[2] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0055.html
Received on Monday, 15 June 2009 17:39:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:50:56 UTC