On 11.09.2014 19:04, Anne van Kesteren wrote: > On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson <[email protected]> wrote: >> On 2014-09-11, at 00:56, Anne van Kesteren <[email protected]> wrote: >>> Are we actually partitioning permissions per top-level browsing >>> context or could they already accomplish this through an <iframe>? >> >> As far as I understand it, permissions are based on domain name only, they >> don’t include scheme or port from the origin. So it’s probably less >> granular than that. > > That seems somewhat bad. >
Yes. AFAIU (I might be terribly wrong), this is because all of those permissions (gUM, Geolocation, Offilne Storage, Fullscreen) are using the Permission manager we still have from the Popup Blocker/Cookie Manager. This is domain based. Not origin :( You can see this in about:permissions. _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
