On Wed, Jan 13, 2016 at 6:21 PM, Joel Weinberger <jww@chromium.org> wrote: > Part of the issue is that even if a frame does 'everything' right (and I > don't really know what 'everything' would mean, so as Anne requested, it > would be good to make that clear), it would be extremely difficult to > present permission decisions to the user in a meaningful way. Origins are > already hard enough to present, and if you have a secure origin requesting a > permission within a secure frame, how would the user agent present this in a > way to meaningfully convey the weird security layering going on? Yeah, allowing permission prompts from origins that do not match the origin of the address bar has been a big mistake. I hope we can phase that out over time. -- https://annevankesteren.nl/Received on Wednesday, 13 January 2016 17:25:59 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC