On 2/1/12 11:57 AM, Boris Zbarsky wrote:
On 2/1/12 2:39 PM, Charles Pritchard wrote:
Mozilla said they were getting rid of their enable privilege API. I
don't know that they have.
It's being removed, slowly. For example, cross-site XHR (modulo
whatever CORS allows) is no longer possible even if you
enablePrivilege in current Gecko.
There may be a different privilege setup eventually, but
enablePrivilege in its existing form is not a good API, especially for
the web.
So, in Gecko, is cross-site XHR something now specified explicitly in
the extension manifest?
Chrome went ahead with specifying "optional permissions" in the
manifest, and when those are present in the manifest, they can be
requested via chrome.permissions.request. It's async, which is nice, and
is quite different than the synchronous Gecko model.
http://code.google.com/chrome/extensions/trunk/permissions.html
The special status of "file://" is still a special thing.
enablePrivilege in Gecko had semantics for such items, whereas Chrome
does not. It seems like that part of Gecko is also being put aside,
which is probably for the best. I've considered running a page from
file:// a special form of installation.
It still is, with Chrome, as one can do things like iframe local
content. Not something you can really do otherwise.
-Charles
