On Tue, Sep 9, 2014 at 1:26 PM, Mounir Lamouri <mou...@lamouri.fr> wrote: > On Tue, 9 Sep 2014, at 10:10, Daniel Veditz wrote: >> On 9/8/2014 2:16 AM, Mounir Lamouri wrote: >> > On Sun, 7 Sep 2014, at 04:56, Martin Thomson wrote: >> >> It's more the case that a persistent positive grant from permission >> >> manager would be ignored for non-secure origins and non-secure origins >> >> would not show any option to persist. >> > >> > I don't know the specifics about the UI, but you don't want to have a >> > prompt showing up every time a call to an API is being made. It would be >> > terribly frustrating for users and developers. >> >> It wouldn't be every API call, it'd be the first API call. Would it help >> to have an option to remember for the session (rather than >> per-document)? We have no guarantee that the foo.com you connect to >> tomorrow is the same foo.com you trusted today, especially if you're >> connecting to a new network (e.g. coffee shop, airport, hotel). > > That's why I suggested a combination of time-based permission and > session-based.
Why would complexity like that be preferable over the simplicity of requiring an authenticated origin? -- Henri Sivonen hsivo...@hsivonen.fi https://hsivonen.fi/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
