Adding Tanvi.

On Jul 1, 2014, at 7:20, Boris Zbarsky <bzbar...@mit.edu> wrote:

> On 7/1/14, 6:06 AM, Anne van Kesteren wrote:
>> Hi Doug, Patrick, Boris,
>
> ccing Jonas, since he's been thinking about this a lot recently.
>
>> https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIContentPolicy
>> suggests we have somewhat less granularity than Chromium / the
>> specification at the moment, but I'm not sure if that's up to date.
>
> It's up to date, but Jonas is in the middle of working on a replacement for
> that API.
>
>> Do we have any plans in this area or do you have concerns about the
>> existing breakdown in the specification? Contexts will be observable
>> given CSP, Mixed Content, and will be exposed as string to service
>> workers.
>
> The list of possible contexts looks OK to me, I think, except "popup", more
> on which below.
>
> I assume it will be the responsibility of whoever invokes a fetch to specify
> a context?
>
> What is the process of getting new contexts added as new features are added
> to the platform?
>
> So, "popup".
>
> Is <a target="_blank" href="whatever"> a "navigation" or a "popup"? What
> about <a target="something" href="whatever">? Does it depend on whether an
> existing navigation context with the name "something" exists? What about
> window.open("whatever", "something")? What about <form action="whatever"
> target="_blank">? Is there a difference between navigations to _blank target
> that will be shown in new windows vs new tabs?
>
> Basically, why is this a useful request context value?
>
>> (Copied dev-platform as experiment. To inform everyone else this is
>> ongoing. If there's a more suitable Mozilla list when it comes to
>> standardizing Gecko, please let me know!)
>
> This is the right list, imo.
>
> As long as we're here, is the associated origin of a request related to the
> request context or the response? It would be good to make that clear.
>
> Should the default mode be no CORS or CORS? It might make some sense to have
> it be CORS... Similar for response tainting.
>
> -Boris
>
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform