- From: Charles Pritchard <chuck@jumis.com>
- Date: Wed, 01 Feb 2012 12:02:55 -0800
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- CC: public-webapps@w3.org
On 2/1/12 11:57 AM, Boris Zbarsky wrote: > On 2/1/12 2:39 PM, Charles Pritchard wrote: >> Mozilla said they were getting rid of their enable privilege API. I >> don't know that they have. > > It's being removed, slowly. For example, cross-site XHR (modulo > whatever CORS allows) is no longer possible even if you > enablePrivilege in current Gecko. > > There may be a different privilege setup eventually, but > enablePrivilege in its existing form is not a good API, especially for > the web. So, in Gecko, is cross-site XHR something now specified explicitly in the extension manifest? Chrome went ahead with specifying "optional permissions" in the manifest, and when those are present in the manifest, they can be requested via chrome.permissions.request. It's async, which is nice, and is quite different than the synchronous Gecko model. http://code.google.com/chrome/extensions/trunk/permissions.html The special status of "file://" is still a special thing. enablePrivilege in Gecko had semantics for such items, whereas Chrome does not. It seems like that part of Gecko is also being put aside, which is probably for the best. I've considered running a page from file:// a special form of installation. It still is, with Chrome, as one can do things like iframe local content. Not something you can really do otherwise. -Charles
Received on Wednesday, 1 February 2012 20:03:18 UTC