- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 17 Apr 2015 07:16:44 +0200
- To: WebAppSec WG <public-webappsec@w3.org>, public-script-coord <public-script-coord@w3.org>, WebApps WG <public-webapps@w3.org>
Soon there will be a number of features that are restricted to privileged contexts. Most prominent one being service workers. Within user agents the prevailing pattern is that privileged APIs are not available in unprivileged contexts. However, both Firefox and Chrome currently expose the service worker API everywhere, it just happens to reject. Should we change this and simply not expose the API in unprivileged contexts? E.g. through IDL syntax? That way we don't have to carefully secure all access points. -- https://annevankesteren.nl/
Received on Friday, 17 April 2015 05:17:11 UTC