- From: David Singer <singer@apple.com>
- Date: Fri, 10 Oct 2014 07:41:46 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Sid Stamm <sstamm@mozilla.com>, Tracking Protection Working Group <public-tracking@w3.org>
Sent from my iPad > On Oct 10, 2014, at 12:03 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > >> On Thu, Oct 9, 2014 at 7:25 PM, Anne van Kesteren <annevk@annevk.nl> wrote: >> Unless you enumerate the hosts somehow, but that still does not allow >> you to get around a publicsuffix.org dependency... I'm surprised we >> even want such an API. > > Note that the asynchronous comment still stands. Copying the cookie > model seems badly broken, but making a new permission API synchronous > is even worse. It isn't synchronous now, and so far no one objects to having it return a promise. In just need an example of how to write that... > > And did security UX sign off on having explanationString and siteName > fields? Typically we do not allow sites to insert text into permission > UI as we cannot trust the sites to try to spoof the user. > I agree we should remove these. I am getting some pushback. > > -- > https://annevankesteren.nl/
Received on Friday, 10 October 2014 14:42:20 UTC