On Wed, Jun 8, 2016 at 8:17 PM, Brad Hill <hillbrad@gmail.com> wrote: > If you missed the call and are interested, I took minutes, available at: > > http://www.w3.org/2016/06/08-webappsec-minutes.html What Martin says there about Firefox and origins is inaccurate I believe. We changed the permission manager last year to be origin-bound: https://bugzilla.mozilla.org/show_bug.cgi?id=1165263. (Now revocations might well go the eTLD route, not sure, and that might even make sense, but that seems more like a UX-issue whether you treat www.google.com and mail.google.com as equivalent from a UX perspective. There's a similar problem there when clearing storage. If that would affect just the origin, cookies can be used to revive it. I'd really like a clear set of principles for those questions, but it seems like it will require more research.) -- https://annevankesteren.nl/Received on Thursday, 9 June 2016 09:36:23 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:20 UTC