- From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
- Date: Wed, 19 Aug 2015 19:44:22 +0000
- To: public-web-nfc@w3.org
@sicking focused on same-origin messages in his comment, which I think everyone agrees don't need prompts. (Pending @ngparker confirming that Chrome Security isn't worried.) We don't need to support cross-origin messages at all in the first version of the Web NFC API, if they're contentious. Policy (1) looks good. Even for cross-origin or non-web tags, I don't think it's "For each distinct call to watch(), a permission should be obtained by the UA." "For each distinct call" is wrong because I might watch() 2 paths within an origin. It's permission to the origin that matters, not permission for each watch() call. "A permission should be obtained" misleadingly implies a prompt, which would be wrong if I'm watch()ing my own origin. I'm also pretty sure webpages won't want to watch everything. Lots of tags will just have data formats they don't understand, and a major use of watch() should be to filter out events they'd just have to drop anyway. -- GitHub Notif of comment by jyasskin See https://github.com/w3c/web-nfc/issues/3#issuecomment-132755882
Received on Wednesday, 19 August 2015 19:44:24 UTC