On 2015-03-03 9:36 AM, Eric Rescorla wrote:
On Tue, Mar 3, 2015 at 5:55 AM, Anne van Kesteren <[email protected] <mailto:[email protected]>> wrote: On Tue, Mar 3, 2015 at 2:17 PM, Frederik Braun <[email protected] <mailto:[email protected]>> wrote: > The good news is that most of the complicated bits are already > implemented. See about:permissions. That seems like a good start, although it fails to cover a number of things, such as cache, storage APIs, and the notifications API. And we should really consider merging it into about:preferences so it can be discovered (and you can actually manage the preferences for the sites you browse from where you would expect). > Though it operates on hostnames and not origins (bug 1066517). :-( This might get tricky UI-wise, though if we stop offering persistent permissions when there's no TLS, perhaps there's some way to get there. This seems like somewhere we should try to get to quickly.
Note that we currently *store* permissions based on host name, and not the origin. Also, there are probably some permissions that can safely be stored permanently for non-secure origins, such as the permission to open pop-up windows.
_______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
