Re: [w3c/permissions] Allow for the query algorithm to return `prompt` or `denied` when document is not `allowed to use` (PR #458) from Johann Hofmann on 2025-02-07 (public-webapps-github@w3.org from February 2025)

From: Johann Hofmann <notifications@github.com>
Date: Fri, 07 Feb 2025 06:13:56 -0800
To: w3c/permissions <permissions@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/permissions/pull/458/c2643051907@github.com>

@aselya can you elaborate a bit more on why you think exposing Permissions Policy state (which is "allowed to use") would  lead to retaliation against the user?

I could see an argument for why this technically exposes cross-origin information, but that seems by design, the same way that, say, the sandbox argument is observable by a cross-origin iframe. Also, that doesn't seem like something that should be implementation-defined. :)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/permissions/pull/458#issuecomment-2643051907
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/permissions/pull/458/c2643051907@github.com>

Received on Friday, 7 February 2025 14:14:01 UTC