- From: Jeffrey Pfau <jpfau@apple.com>
- Date: Wed, 22 Aug 2012 13:29:22 -0700
- To: "whatwg@whatwg.org" <whatwg@whatwg.org>
Hi, While working on enhancing WebKit's privacy infrastructure, I noticed that shared workers don't have a UA security policy escape clause like localStorage and other APIs. The process to create a shared worker does not allow UAs to abort creation with a SecurityError if it decides that a document, origin, or script violates the UA's security policy. Adding something like the following (based on the localStorage policy clause) to the SharedWorker constructor steps would help: The user agent may throw a SecurityError exception instead of returning a SharedWorker object if the request violates a policy decision (e.g. if the user agent is configured to not allow the script to share data). What do you think? Jeffrey
Received on Wednesday, 22 August 2012 20:29:34 UTC