Re: Permission dialog across pages, domains from cowwoc on 2014-04-18 (public-media-capture@w3.org from April 2014)

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Fri, 18 Apr 2014 15:11:42 -0400
To: Justin Uberti <juberti@google.com>, Martin Thomson <martin.thomson@gmail.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <535178EE.1050008@bbs.darktech.org>

On 18/04/2014 2:26 PM, Justin Uberti wrote:
> On Fri, Apr 18, 2014 at 11:14 AM, Martin Thomson 
> <martin.thomson@gmail.com <mailto:martin.thomson@gmail.com>> wrote:
>
>     On 18 April 2014 11:06, cowwoc <cowwoc@bbs.darktech.org
>     <mailto:cowwoc@bbs.darktech.org>> wrote:
>     > It is my understanding that all implementations will cache the
>     user response
>     > to the permission dialog for HTTPS pages.
>
>     Not all, but that is possible.
>
>     > Does the permission get remembered across a single page? Or
>     across all pages on
>     > the same domain? Or across all pages across the domain and
>     sub-domains?
>
>     It's by web origin: scheme + host + port [RFC6454]
>
>
> This is what Chrome does.
>

Do the implementations allow the use of document.domain or CORS to relax 
this restriction across sub-domains?

Gili

Received on Friday, 18 April 2014 19:12:12 UTC