- From: Joshua Bell <notifications@github.com>
- Date: Wed, 23 Jan 2019 11:34:14 -0800
- To: w3c/IndexedDB <IndexedDB@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 23 January 2019 19:34:36 UTC
As noted in https://github.com/w3c/IndexedDB/pull/242#issuecomment-427604894 by @asutherland the new commit() method on IDBTransaction would likely be marked `[SecureContext]` in Gecko to satisfy that org's policy. We (at least, in the spec/in Chrome) didn't do this with IDBFactory's `databases()` method; in part because it allows maintenance of existing origin-scoped browsing data which may be present for non-secure origins. I'm on the fence here. On the one hand, I'm sympathetic to the goals of driving everything towards secure contexts. On the other, it's weird to have methods within an overall API have different exposure just based on when they were introduced - yet another "gotcha!" for web developers. I could probably be convinced to plop `[SecureContext]` in and it's not too late to add that in Chrome, and we can see if developers complain; I suspect modern development by anyone motivated enough to have an opinion is on secure contexts anyway, so the aesthetic/confusion argument is moot. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/IndexedDB/issues/254
Received on Wednesday, 23 January 2019 19:34:36 UTC