- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 13 May 2016 08:04:02 -0700
- To: w3c/permissions <permissions@noreply.github.com>
- Cc:
- Message-ID: <w3c/permissions/pull/96/r63198535@github.com>
> + <p algorithm="relevant-permission-change"> > + A <dfn>relevant permission change</dfn> for one or more <a>realms</a> |realms| > + consists of either the UA receiving new information about the user's > + intent or a use of <a>write the permission entry</a> or <a>revoke the > + permission entries</a> from a <a>realm</a> whose <a > + lt="the Realm's settings object">settings object</a> has the <a>same > + origin</a> as one of the |realms|. > + </p> > + > + <p class="issue" id="issue-same-domain-permissions"> > + It's not clear if some current browsers share permissions more widely than > + a single origin. For example, when a user grants permission for > + https://foo.com/ to use a capability, some browsers may also give access > + to any origin with a domain ending in ".foo.com". This specification may > + need to allow this. > + </p> It seems like a very bad idea to cross schemes. Domains might be okay, but that also very much depends. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/pull/96/files/6d6282b7405265cabec2c0ee30b69877d77d9dff#r63198535
Received on Friday, 13 May 2016 15:05:09 UTC