On Wed, Nov 25, 2009 at 12:26 PM, Peter Kasting <pkast...@google.com> wrote:
> On Wed, Nov 25, 2009 at 12:14 PM, Adam Barth <aba...@chromium.org> wrote:
>
>> On Wed, Nov 25, 2009 at 11:38 AM, John Gregg <john...@google.com> wrote:
>> > if you whitelist an
>> > origin for popups while in incognito mode, that origin is whitelisted
>> > permanently even when you go back to normal mode. And in my case, it
>> > behaves likewise for notifications, since those permissions are stored
>> in
>> > the PrefsService. Is that how we want it to work?
>>
>> Nope. That sounds like a bug. We should never write URLs or hosts
>> the user visits while in incognito to disk.
>>
>
> This is the sort of thing for which Profile::ServiceAccessType was
> invented. Ideally, things like recording whitelisted popup hosts should
> request IMPLICIT_ACCESS, which should result in no read happening.
>
>From reading the code, I'm not sure that's consistent. Adding a whitelisted
host for popups is a result of a user action (the user choosing "always
allow" from the blocked popup container), so according to the code comments,
that would be an explicit access. It's kind of a gray area: it's like
adding a bookmark in terms of user-initiation, but it also affects web
browsing.
-John
--
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
