On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson <m...@mozilla.com> wrote: > On 2014-09-11, at 00:56, Anne van Kesteren <ann...@annevk.nl> wrote: >> Are we actually partitioning permissions per top-level browsing >> context or could they already accomplish this through an <iframe>? > > As far as I understand it, permissions are based on domain name only, they > don’t include scheme or port from the origin. So it’s probably less granular > than that.
That seems somewhat bad. > In the Google case, I doubt that there is anything meaningful we can do to > scope permissions in a way that would both prevent Google from sharing a > persistent grant. Not without breaking a great number of sites. Well, if there's https://maps.example/ that I share my location with, we could make it so that it if https://maps.example/ is embedded from https://mercent.example/, it no longer has the permission. That's what I meant with partitioning by top-level browsing context. -- http://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
