- From: millisecond <notifications@github.com>
- Date: Tue, 03 Mar 2015 00:20:01 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/issues/75/76904357@github.com>
@mvano we’ve run into some tangles with this in implementation on several sites. Consider these two cases: - A single domain site needs more time to transition everything (CDN, videos, user-gen content, etc) to HTTPS but wants to use Chrome push. An option would be to create a subdomain that uses HTTPS and is referred from the main site in an iframe. https://push.blog.com for example. - A multi-sub-domain site wants to register users only once but on several sub-domains. www.blog.com and video.blog.com are separate and fail the equals test currently in Chromium. A naive implementation would prompt the user twice and potentially send duplicate pushes if the site wasn’t very careful and separated the regs. Would require a failure-prone cookie solution to work around that (or a bi-directional “do you have a reg?” series - complicated when there are many many sub-domains). If video.blog.com could iframe to a page on www.blog.com and have the registration happen there the user would be prompted once and never be sent duplicates. In both cases I think the dialog wouldn’t be too confusing. The domain doesn’t exactly match the page the user is on but, in my opinion, it’s something totally relevant to the context. Proposal: allow iframes to register users for push if the top-level domains match. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/75#issuecomment-76904357
Received on Tuesday, 3 March 2015 08:20:29 UTC