More (mostly minor) edits to the exceptions API section


these updates today:

* there were a number of paragraphs marked as an Issue that were not in the Issue database and hence had no number; now they are all properly tracked;

* I added the (obvious) statement that if an exception is re-requested (i.e. it's already been granted and recorded), you shouldn't bother the user again, and just confirm the grant

* I put in a section that's an issue suggesting that an enquiry API might be useful to scripts;  "what's the header that would be sent if my script-origin were a target under the current top-level domain?"

* On issue-111, I had previously suggested that a first-party that wants to know of the continued existence of a site-specific exception could add itself as if a third-party, and then the matching rules would mean it got a DNT:0 as long as the exception exists.  This is a Bad Idea.  DNT:0 to a first party (I am told) implies that the first party can pass data to third parties, and is indistinguishable from when a browser send DNT:0 generally.  Brrrr.  So, in the issue discussion in the document I now suggest we consider simply adding something to the DNT header to say "one or more site-specific exceptions exist for this site" (e.g. "DNT: 1E" with the E meaning that).

* I added a simple boolean return value to the cancel calls ('OK' vs. 'something went wrong')

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Thursday, 9 August 2012 23:49:13 UTC