On Tue, 9 Sep 2014, at 10:10, Daniel Veditz wrote: > On 9/8/2014 2:16 AM, Mounir Lamouri wrote: > > On Sun, 7 Sep 2014, at 04:56, Martin Thomson wrote: > >> It's more the case that a persistent positive grant from permission > >> manager would be ignored for non-secure origins and non-secure origins > >> would not show any option to persist. > > > > I don't know the specifics about the UI, but you don't want to have a > > prompt showing up every time a call to an API is being made. It would be > > terribly frustrating for users and developers. > > It wouldn't be every API call, it'd be the first API call. Would it help > to have an option to remember for the session (rather than > per-document)? We have no guarantee that the foo.com you connect to > tomorrow is the same foo.com you trusted today, especially if you're > connecting to a new network (e.g. coffee shop, airport, hotel).
That's why I suggested a combination of time-based permission and session-based. -- Mounir _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
