Re: Proposal: Prefer secure origins for powerful new web platform features

>> I think the inclusion of file:/// is somewhat problematic, since it is
>> not implied that the content arrived over a secure channel,
> Right. "But it's here now." Perhaps we should take file: off the list,
> perhaps we should find some way to tag files as having come from
> secure transport, or...

A special problem here is also how to scope the permission if ever
granted by the user. A permission granted to
file:///installed_app/bar.html probably shouldn't carry over to

> Right. mkwst, others, and tangentially me are working on tightening it
> up for reasons like this.

Yeah, I was following this pretty closely, but didn't think it's
aiming to restrict the ability for file:/// to, say, load scripts from


Received on Friday, 27 June 2014 23:56:59 UTC