Re: TPE last-call issues on my plate, summary

On Thu, Oct 9, 2014 at 7:25 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> Unless you enumerate the hosts somehow, but that still does not allow
> you to get around a publicsuffix.org dependency... I'm surprised we
> even want such an API.

Note that the asynchronous comment still stands. Copying the cookie
model seems badly broken, but making a new permission API synchronous
is even worse.

And did security UX sign off on having explanationString and siteName
fields? Typically we do not allow sites to insert text into permission
UI as we cannot trust the sites to try to spoof the user.


-- 
https://annevankesteren.nl/

Received on Friday, 10 October 2014 07:03:50 UTC