- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 18 Aug 2016 09:44:48 +0200
- To: Raymes Khoury <raymes@google.com>
- Cc: Martin Thomson <mt@mozilla.com>, Jeffrey Yasskin <jyasskin@google.com>, WebAppSec WG <public-webappsec@w3.org>, Marcos Caceres <marcos@marcosc.com>, Mounir Lamouri <mlamouri@google.com>, Ben Wells <benwells@google.com>
On Thu, Aug 18, 2016 at 7:28 AM, Raymes Khoury <raymes@google.com> wrote: > For example, what if the UA shows a prompt (in the context of a > request()) that allows the user to allow the permission for several origins > at a time? I feel like this could be done in a responsible way by a UA. In > that case I feel happy about the phrase we have: "New information about the > user’s intent". If there was no prompt, it wouldn't be nice for that to > happen, but then that's clearly not "New information about the user’s > intent". This is exactly the kind of thing that is problematic. Since if a UA ships that and sites come to depend on it, other UAs will have to copy. Requiring changes to the standard for such practices is a good way to keep everyone informed of competitive pressures. > Permissions should generally be scoped to origins by default but UAs can > have such varied UX that it's hard to spec that out in granularity. I don't think allowing UX to vary to the extent that it influences how sites are programmed is responsible. -- https://annevankesteren.nl/
Received on Thursday, 18 August 2016 07:45:17 UTC