- From: Arun Ranganathan <arun@mozilla.com>
- Date: Mon, 28 Jun 2010 14:47:19 -0700
- To: Jian Li <jianli@chromium.org>
- CC: David Levin <levin@google.com>, Adrian Bateman <adrianba@microsoft.com>, Jonas Sicking <jonas@sicking.cc>, Web Applications Working Group WG <public-webapps@w3.org>, public-device-apis <public-device-apis@w3.org>
- Message-ID: <4C291867.30007@mozilla.com>
On 6/23/10 9:50 AM, Jian Li wrote: > I think encoding the security origin in the URL allows the UAs to do > the security origin check in place, without routing through other > authority to get the origin information that might cause the check > taking long time to finish. > > If we worry about showing the double schemes in the URL, we can > transform the origin encoded in the URL by using base64 or other > escaping algorithm. Jian: the current URL scheme: http://dev.w3.org/2006/webapi/FileAPI/#url allows you to do that, without obliging other UAs to do that. Some UAs may elect to use "smart caching" to accomplish the same kinds of things, without tagging the URL with origin information. Others may see benefit in origin-tagging. I've reconsidered trying to architect a scheme that allows all use-case scenarios for blob: URIs. -- A* > > Jian > > > On Wed, Jun 23, 2010 at 8:24 AM, David Levin <levin@google.com > <mailto:levin@google.com>> wrote: > > On Tue, Jun 22, 2010 at 8:56 PM, Adrian Bateman > <adrianba@microsoft.com <mailto:adrianba@microsoft.com>> wrote: > > On Tuesday, June 22, 2010 8:40 PM, David Levin wrote: > > I agree with you Adrian that it makes sense to let the user > agent figure > > out the optimal way of implementing origin and other checks. > > > > A logical step from that premise is that the choice/format > of the > > namespace specific string should be left up to the UA as > embedding > > information in there may be the optimal way for some UA's of > implementing > > said checks, and it sounds like other UAs may not want to do > that. > > Robin outlined why that would be a problem [1]. My original > feeling was that this should be left up to UAs, as you say, > but I've been convinced that doing so is a race to the most > complex URL scheme. > > > Robin discussed something that could possibly in > http://lists.w3.org/Archives/Public/public-webapps/2009OctDec/0743.html. At > the same time, there are implementors who gave specific reasons > why encoding certain information (scheme, host, port) in > the namespace specific string (NSS) is useful to various UAs. No > other information has been requested, so theories adding more > information seem premature. > > If the format must be specified, it seems reasonable to take both > the theoretical and practical issues into account. > > Encoding that the security origin in the NSS isn't complex. If a > proposal is needed about how that can be done in a simple way, I'm > willing to supply one. Also, UAs that don't care about that > information are free to ignore it and don't need to parse it. > > dave > > >
Received on Monday, 28 June 2010 21:47:52 UTC