- From: Mike Wilson <mikewse@hotmail.com>
- Date: Mon, 7 Jun 2010 14:11:05 +0200
Aaron Boodman wrote: > On Fri, Jun 4, 2010 at 4:58 AM, Henri Sivonen wrote: > > On May 26, 2010, at 20:10, Aaron Boodman wrote: > >> Another one that we would like in Chrome is a path prefix > >> for the app. > >> This is to handle the case of applications like Google Reader > >> which are on http://www.google.com/reader. > > > > How does giving permissions to a prefixed application > > interact with the origin-based security model? > > Poorly. Origin is baked so low into the platform, it is the true > boundary, and that can probably never be changed. In Chrome, we can > get close because we can enforce process isolation based on the path, > but it is an ongoing project to make that bulletproof that might never > complete. Raising security based on path is interesting. FYI, there was a small discussion about it last year: http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2009-August/022412.html Best regards Mike Wilson
Received on Monday, 7 June 2010 05:11:05 UTC