- From: Frederik Braun <fbraun@mozilla.com>
- Date: Tue, 24 Jan 2017 08:29:49 +0100
- To: "mark a. foltz" <mfoltz@google.com>, Richard Barnes <rbarnes@mozilla.com>
- Cc: Francois Daoust <fd@w3.org>, WebAppSec WG <public-webappsec@w3.org>, public-web-security@w3.org, "Kostiainen, Anssi" <anssi.kostiainen@intel.com>
On 23.01.2017 22:17, mark a. foltz wrote: > On Mon, Jan 23, 2017 at 9:06 AM, Richard Barnes <rbarnes@mozilla.com > <mailto:rbarnes@mozilla.com>> wrote: > > What is the rationale for why this API needs to be available to > non-secure contexts? > > > At the time the group considered this, it was judged to not be a > powerful feature. > We have asked for an updated rubric for evaluating what is a powerful > feature, and have not yet received a reply. > > m. Also, note that a user giving permission to a site in a non-secure context will be surprised to note that this permission is leaking all over the public wifis he's using. I wonder if a permission prompt on non-secure contexts is useful at all.
Received on Tuesday, 24 January 2017 07:31:37 UTC