On Mon, Sep 15, 2014 at 11:15 AM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote: > On 2014-09-14, 3:54 AM, Anne van Kesteren wrote: >> >> On Sat, Sep 13, 2014 at 5:42 PM, Eric Rescorla <e...@rtfm.com> wrote: >>> >>> I just tested this and it appears that at least for gUM, IFRAMEs do *not* >>> get persistent permissions even if they would have them if they were >>> in the top level window. Rather, you always get prompted. You can >>> test this yourself using: >>> >>> https://mozilla.github.io/webrtc-landing/gum_test.html >>> and >>> https://mozilla.github.io/webrtc-landing/gum_iframe.html (note: contains >>> mixed content for >>> test purposes) or the HTTP variant. >> >> >> That sounds good. However, given that apparently that's not something >> the permission manager takes care of, it might be nice to cover it >> there, so this becomes easier for all kinds of APIs that require >> permission. > > We could obviously do what you suggest, but it's not really obvious to me > whether the same behavior makes sense everywhere.
The argument that I'm making, and I think Anne is too, is that we should have the ability to store policies like this in the nsIPermissionManager. That way we *can* use it in places where it makes sense, or we can choose to simply store policies like "allow youtube.com to use flash independent of parent frames" where that makes sense. / Jonas _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
