On 21/03/2016 13:04, Anne van Kesteren wrote: > On Mon, Mar 21, 2016 at 1:57 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: >> On 3/21/16 4:53 AM, Anne van Kesteren wrote: >>> I think it's mostly Richard and Martin that favor tying this to exposure. >> >> And me, for what it's worth. I strongly believe we should not be exposing >> attribute getters that are 100% guaranteed to throw when called. >> >>> I think that only works well for new APIs. We'd then still need >>> something for legacy APIs we want to limit to secure contexts (maybe >>> just prose). >> >> Why? That is, why do you think it's more web-compatible to make an API >> that's feature-detected as present throw than to make it feature-detect as >> not present and hence trigger polyfills. >> >>> I tend to think we should just do whatever is least complicated >> >> And most likely to actually be shippable, yes. > > Are there many APIs under consideration that are attributes? I thought > most were methods. I agree it makes sense to go this way if there's a > lot of attributes. I don't know if anyone has made up a comprehensive list of APIs, but I did try and make a list of spec's that refer to the secure context's spec (or mention it in some other way that needs updated, such as "powerful features"): https://slightlyoff.github.io/ServiceWorker/spec/service_worker/ https://storage.spec.whatwg.org/ https://w3c.github.io/encrypted-media/ https://w3c.github.io/geofencing-api/ https://w3c.github.io/webappsec-mixed-content/ https://w3c.github.io/webappsec-subresource-integrity/ https://w3c.github.io/sensors/ https://w3c.github.io/web-nfc/ https://w3c.github.io/webappsec-clear-site-data/ https://w3c.github.io/webappsec-credential-management/ https://w3ctag.github.io/client-certificates/ https://webbluetoothcg.github.io/web-bluetooth/ https://wicg.github.io/BackgroundSync/ https://wicg.github.io/directory-upload/ https://wicg.github.io/paymentrequest/ https://wicg.github.io/web-payments-browser-api/ https://wicg.github.io/webusb/ https://www.w3.org/Submission/fido-web-api/ https://www.w3.org/TR/permissions/ If someone does go through and make up a list of shipped features that may end up being put behind [SecureContext] I'd be interested to see it too. JonathanReceived on Monday, 21 March 2016 13:29:18 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:25 UTC