Re: Reminder: RfC: Last Call Working Draft of Web Workers; deadline April 21

On Wed, Apr 20, 2011 at 4:05 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>
>
> That's why we're working on trying to fix fingerprinting.
>
> The point is that privacy is something that we're all working on
> trying to improve (right?), and the WebWorkers spec needs to be
> changed to aid with that. As far as I can see all that's needed is to
> say that a UA is allowed to not share a worker, and ideally point out
> that such sharing could be disabled when the frame-parent chain
> contains cross origin iframes.
>

Thanks for the clarification, Jonas. So I'm concerned that a blanket
prohibition would break legitimate use cases (iframe-based widgets on a page
communicating with one another). Let's say we have the following:

Top Level Window - http://a.com
    Iframe_one - http://b.com
    iframe_two - http://b.com

Top Level Window - http://c.com
    iframe_three - http://b.com

If iframe_one, two, and three all create the same shared worker, would any
sharing be allowed in the situation you propose? I would at least want
iframe_one and iframe_two to end up referencing a common instance, even if
privacy policy caused iframe_three to get a separate instance because the
top-level window was pointed at c.com instead of a.com.

This seems reasonable to me - I suspect that's what you (and Travis) were
suggesting, but I wasn't positive.

Received on Thursday, 21 April 2011 00:58:53 UTC