Hi When I was reading the 'New Securiry Model' from Jonas [1], in the last section 'Origin and Cookie jars' he mentioned
*"Signed content must never be considered same-origin with unsigned content, or content from another signed package."* And I notice that Google has introduced the concept of 'suborigin' in [2] which I think could address some of our issues in Jonas' proposal. But I've searched our mozilla mailing lists and bugzilla, and only found one thread raised by Brian Smith in [3]. So I am wondering is this something we should implement on FirefoxOS? Thanks PS: For your information, the discussion of this proposal from webappssec is at [4], and this issue is also being discussed in W3CTAG [5], and the bug number in Chromium is at [6]. [1]: https://wiki.mozilla.org/FirefoxOS/New_security_model [2]: http://www.chromium.org/developers/design-documents/per-page-suborigins [3]: https://lists.w3.org/Archives/Public/public-webappsec/2014Nov/0179.html [4]: https://lists.w3.org/Archives/Public/public-webappsec/2013Aug/0016.html [5]: https://github.com/w3ctag/packaging-on-the-web/issues/24 [6]: https://code.google.com/p/chromium/issues/detail?id=336894
_______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
