On 9/10/14 2:09 AM, Henri Sivonen wrote:

Chrome auto-decides whether the grant is persistent based on whether
the URL is http or https.

Whoa. That's non-obvious and creepy. As a user, I find it creepy for
a UI that looks like a one-time grant to actually do a persistent
grant.

Indeed. I think it's fine for the protocol to influence if persistence _can_ be set (i.e., only allowing persistence on secure connections), but making it automatic is conflating permission (user choice) and security.

It's particularly egregious on Google Maps... The maps.google.com site redirects to https://google.com/maps, which means using geolocation on Google Maps in Chrome will automatically allow geolocation for all of google.com. I wonder how many Maps users understand or expect that.

Justin
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
