On Wed, Nov 25, 2009 at 12:26 PM, Peter Kasting <pkast...@google.com> wrote:
> On Wed, Nov 25, 2009 at 12:14 PM, Adam Barth <aba...@chromium.org> wrote: > >> On Wed, Nov 25, 2009 at 11:38 AM, John Gregg <john...@google.com> wrote: >> > if you whitelist an >> > origin for popups while in incognito mode, that origin is whitelisted >> > permanently even when you go back to normal mode. And in my case, it >> > behaves likewise for notifications, since those permissions are stored >> in >> > the PrefsService. Is that how we want it to work? >> >> Nope. That sounds like a bug. We should never write URLs or hosts >> the user visits while in incognito to disk. >> > > This is the sort of thing for which Profile::ServiceAccessType was > invented. Ideally, things like recording whitelisted popup hosts should > request IMPLICIT_ACCESS, which should result in no read happening. > >From reading the code, I'm not sure that's consistent. Adding a whitelisted host for popups is a result of a user action (the user choosing "always allow" from the blocked popup container), so according to the code comments, that would be an explicit access. It's kind of a gray area: it's like adding a bookmark in terms of user-initiation, but it also affects web browsing. -John -- Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev