Re: ISSUE-187 - What is the right approach to exception handling & ISSUE-185 from David Wainberg on 2012-12-04 (public-tracking@w3.org from December 2012)

From: David Wainberg <david@networkadvertising.org>
Date: Tue, 04 Dec 2012 10:42:16 -0500
To: Mike O'Neill <michael.oneill@baycloud.com>
CC: David Singer <singer@apple.com>, public-tracking@w3.org
Message-ID: <50BE19D8.2010001@networkadvertising.org>

On 12/2/12 6:28 AM, Mike O'Neill wrote:
>
> The sentence in 6.4.1 (/The execution of this API and the use of the 
> resulting permission (if granted) use the 'implicit' parameter, when 
> the API is called, the *document origin*. This forms the first part of 
> the duplet in the logical model, and hence in operation will be 
> compared with the *top-level origin*) /makes it clear that only script 
> in the context of the *top-level origin* can register a UGE for the 
> site. If script in third-party embedded iframe makes a SS UGE call, 
> the implicit document origin points to the third-party domain so the 
> exception applies there and not at the parent window's origin.
>

Can someone clarify? Is this true? A party in an iFrame should be able 
to request a UGE for the top level page context, not the iFrame that 
it's in.

Received on Tuesday, 4 December 2012 15:42:51 UTC