This is a great move for improving transparency and accountability of sites. Good work to all those who helped get us this far.
On Sat, 10 Aug. 2019, 01:02 Ehsan Akhgari, <ehsan.akhg...@gmail.com> wrote: > Hi everyone, > > We currently allow cross-origin iframes to request notification > permissions. This is problematic because we'd like to move to a model > where permissions are only requested for the top-level document’s origin in > order to show non-address-bar origins as little to the user as possible. > Therefore, in Firefox 70 I plan to land a change in bug 1560741[1] to deny > such permission requests without showing a prompt. > > Chrome has announced this change over 2 years ago[2], but have yet to ship > it. Our telemetry for beta 68 shows that cross-origin use of this feature > has very low usage[3] at around 0.02% of notification requests. > > We’ll also log a warning in the web console when denying the permission > request because of this reason. > > Please let me know if you have any questions or concerns. > > Thanks, > Ehsan > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1560741 > [2] > > https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/n37ij1E_1aY > [3] https://mzl.la/2Mafa6q > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
