- From: Janusz Majnert <j.majnert@samsung.com>
- Date: Thu, 04 Jul 2013 09:10:45 +0200
- To: public-sysapps@w3.org
- Message-id: <51D51FF5.9050304@samsung.com>
On 2013-07-03 17:39, SUWIRYA Darmawan wrote: > > Hi, > > We would like to seek for clarification regarding chapter 7 of the > runtime spec. > > Use case example : > > 1. App-1 is a hosted app, with origin from www.myapp.com > <http://www.myapp.com>. > > 2. In its manifest, it declares for permission to access Messaging and > Raw Socket APIs. > > 3.. In its manifest, it also declares to allow-navigation to > www.myapp-service.com <http://www.myapp-service.com>. > > 4. Messaging API is used in : www.myapp.com/run1.html > <http://www.myapp.com/run1.html>. > > 5. Raw Socket API is used in : www.myapp-service.com/run2.html > <http://www.myapp-service.com/run2.html>. > > 6. User installed this App-1. > > 7. User executes this App-1. > > 8. User hits www.myapp.com/run1.html <http://www.myapp.com/run1.html> > page, and messaging API access works fine. > > 9. User then hits www.myapp-service.com/run2.html > <http://www.myapp-service.com/run2..html> page. Will Raw Socket API > access works fine also here ? > > 10. Then finally, how if the App-1 above is actually a packaged-app ? > Will the behavior be exactly the same ? > > This is indeed greatly underspecified. I would guess that domains from allow-navigation are not granted the same level of permissions that the application has, but I'm not sure here. I also think that there should be no difference between hosted and packaged apps here. Regards, Janusz Majnert Samsung R&D Institute Poland Samsung Electronics
Received on Thursday, 4 July 2013 07:11:16 UTC