On Wed, Apr 1, 2015 at 4:30 PM, Anne van Kesteren <ann...@annevk.nl> wrote: > On Wed, Apr 1, 2015 at 4:27 PM, Domenic Denicola <d...@domenic.me> wrote: >> I think it's OK for different browsers to experiment with different >> non-interoperable conditions under which they fulfill or reject the >> permissions promise. That's already true for most permissions grants today. > > It's true when UX is involved. When UX must not be involved, it's a > very different situation. For those cases we do spell out what needs > to happen.
I agree with Anne. What Domenic describes sounds like something similar to CORS. I.e. a network protocol which lets a server indicate that it trusts a given party. Not saying that we can use CORS to solve this, or that we should extend CORS to solve this. My point is that CORS works because it was specified and implemented across browsers. If we'd do something like what Domenic proposes, I think that would be true here too. However, in my experience the use case for the TCPSocket and UDPSocket APIs is to connect to existing hardware and software systems. Like printers or mail servers. Server-side opt-in is generally not possible for them. / Jonas