- From: Martin Thomson <notifications@github.com>
- Date: Fri, 13 May 2016 13:41:38 -0700
- To: w3c/permissions <permissions@noreply.github.com>
- Cc:
- Message-ID: <w3c/permissions/pull/96/r63248089@github.com>
> + <p algorithm="relevant-permission-change"> > + A <dfn>relevant permission change</dfn> for one or more <a>realms</a> |realms| > + consists of either the UA receiving new information about the user's > + intent or a use of <a>write the permission entry</a> or <a>revoke the > + permission entries</a> from a <a>realm</a> whose <a > + lt="the Realm's settings object">settings object</a> has the <a>same > + origin</a> as one of the |realms|. > + </p> > + > + <p class="issue" id="issue-same-domain-permissions"> > + It's not clear if some current browsers share permissions more widely than > + a single origin. For example, when a user grants permission for > + https://foo.com/ to use a capability, some browsers may also give access > + to any origin with a domain ending in ".foo.com". This specification may > + need to allow this. > + </p> When cookies did it, it was a bad idea. I am very much opposed to an endorsement of anything that has a scope larger than scheme and host. I would prefer to retain scheme, host, and port if possible. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/pull/96/files/6d6282b7405265cabec2c0ee30b69877d77d9dff#r63248089
Received on Friday, 13 May 2016 20:42:38 UTC