On 7/1/14, 6:06 AM, Anne van Kesteren wrote:
Hi Doug, Patrick, Boris,
ccing Jonas, since he's been thinking about this a lot recently.
https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIContentPolicy
suggests we have somewhat less granularity than Chromium / the
specification at the moment, but I'm not sure if that's up to date.
It's up to date, but Jonas is in the middle of working on a replacement
for that API.
Do we have any plans in this area or do you have concerns about the
existing breakdown in the specification? Contexts will be observable
given CSP, Mixed Content, and will be exposed as string to service
workers.
The list of possible contexts looks OK to me, I think, except "popup",
more on which below.
I assume it will be the responsibility of whoever invokes a fetch to
specify a context?
What is the process of getting new contexts added as new features are
added to the platform?
So, "popup".
Is <a target="_blank" href="whatever"> a "navigation" or a "popup"?
What about <a target="something" href="whatever">? Does it depend on
whether an existing navigation context with the name "something" exists?
What about window.open("whatever", "something")? What about <form
action="whatever" target="_blank">? Is there a difference between
navigations to _blank target that will be show in new windows vs new tabs?
Basically, why is this a useful request context value?
(Copied dev-platform as experiment. To inform everyone else this is
ongoing. If there's a more suitable Mozilla list when it comes to
standardizing Gecko, please let me know!)
This is the right list, imo.
As long as we're here, is the associated origin of a request related to
the request context or the response? It would be good to make that clear.
Should the default mode be no CORS or CORS? It might make some sense to
have it be CORS... Similar for response tainting.
-Boris
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
