ISSUE-9 (restricted-access): Restricting API Access [GeoAPI V1] from Geolocation Working Group Issue Tracker on 2009-06-15 (public-geolocation@w3.org from June 2009)

From: Geolocation Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 15 Jun 2009 17:38:56 +0000 (GMT)
To: public-geolocation@w3.org
Message-Id: <20090615173856.078457F46F@otto.w3.org>

ISSUE-9 (restricted-access): Restricting API Access [GeoAPI V1]

http://www.w3.org/2008/geolocation/track/issues/9

Raised by: Matt Womer
On product: GeoAPI V1

Doug Turner had an idea that should be tracked [1]:

"got some feedback on this.  this isn't how it works today, but I think it is the way it should work in the future. Even more so, I have been considering restricting device apis (like geolocation) to top level documents only and prevent iframes from accessing this APIs.  I did get some push back in Dec when I suggested this at our w3c devices workshop (are the notes anywhere for this? thomas?).  This will break many of the sites like igoogle and others that embed content from remote origins.  However such sites, could use something like PostMessage to explicitly send data.

Is this an overkill? Thoughts?"

We've split discussion of the idea out into a separate thread [2].

[1] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0053.html

[2] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0055.html

Received on Monday, 15 June 2009 17:39:02 UTC