- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 01 Feb 2012 15:06:20 -0500
- To: Charles Pritchard <chuck@jumis.com>
- CC: public-webapps@w3.org
On 2/1/12 3:02 PM, Charles Pritchard wrote: > On 2/1/12 11:57 AM, Boris Zbarsky wrote: >> On 2/1/12 2:39 PM, Charles Pritchard wrote: >>> Mozilla said they were getting rid of their enable privilege API. I >>> don't know that they have. >> >> It's being removed, slowly. For example, cross-site XHR (modulo >> whatever CORS allows) is no longer possible even if you >> enablePrivilege in current Gecko. >> >> There may be a different privilege setup eventually, but >> enablePrivilege in its existing form is not a good API, especially for >> the web. > > So, in Gecko, is cross-site XHR something now specified explicitly in > the extension manifest? Extensions in Firefox are a separate ballgame. They currently always run with the same exact permissions (literally; the permissions object pointer is the same) as the browser UI itself. This means they can do things that you could never do with enablePrivilege. > Chrome went ahead with specifying "optional permissions" in the > manifest, and when those are present in the manifest, they can be > requested via chrome.permissions.request. It's async, which is nice, and > is quite different than the synchronous Gecko model. > > http://code.google.com/chrome/extensions/trunk/permissions.html Firefox extensions never have to request permissions. They always have them. > The special status of "file://" is still a special thing. It'll go away, as enablePrivilege goes away in general. -Boris
Received on Wednesday, 1 February 2012 20:06:51 UTC