Re: Privileged context features and JavaScript

I'd be fine with this, if it's what folks end up preferring.

That said, throwing/rejecting gives us the opportunity to explain to a
developer _why_ her favorite API isn't available. It's not clear how we'd
help them understand what's going on if we just remove the API entirely.

Consider Geolocation, for instance: users can disable the API entirely in
Chrome (and, I assume, other browsers). Should we remove the API in these
cases as well?

Either way, expressing the constraint via IDL seems totally reasonable.

-mike
On Apr 17, 2015 07:19, "Anne van Kesteren" <annevk@annevk.nl> wrote:

> Soon there will be a number of features that are restricted to
> privileged contexts. Most prominent one being service workers.
>
> Within user agents the prevailing pattern is that privileged APIs are
> not available in unprivileged contexts. However, both Firefox and
> Chrome currently expose the service worker API everywhere, it just
> happens to reject.
>
> Should we change this and simply not expose the API in unprivileged
> contexts? E.g. through IDL syntax? That way we don't have to carefully
> secure all access points.
>
>
> --
> https://annevankesteren.nl/
>
>

Received on Friday, 17 April 2015 06:45:16 UTC