- From: Conrad Irwin <conrad.irwin@gmail.com>
- Date: Sun, 26 Aug 2012 19:32:11 -0700
- To: public-web-intents@w3.org
Hi all, I saw some earlier mention [1] of the inability for web-intents to obtain the origin of the calling site. Is this something that will be added? I am also working on an authentication protocol; and without the ability to verify the origin of a message, WebIntents are almost useless. (I can work around it by making the call to the intent from a content-script running in my chrome extension that shares a secret with the intent; but that feels very fragile). A couple of other use-cases for including the origin could be: • Content-filtering: If I am running an image sharing web-intent, I might want to block content from http://*.xxx. • UI enhancement: If I am running an editing web-intent, it would be nice to be able to tell the user "return to <origin>" • Authentication: If I am running an authentication web-intent, it's essential to know which website is asking for the user's identity (I don't want to give it to a malicious 3rd-party by accident). Conrad [1] http://lists.w3.org/Archives/Public/public-web-intents/2012May/0012.html
Received on Monday, 27 August 2012 02:32:58 UTC