On Fri, Sep 12, 2014 at 12:39 PM, Frederik Braun <[email protected]> wrote:
> On 11.09.2014 19:04, Anne van Kesteren wrote:
>> On Thu, Sep 11, 2014 at 6:58 PM, Martin Thomson <[email protected]> wrote:
>>> On 2014-09-11, at 00:56, Anne van Kesteren <[email protected]> wrote:
>>>> Are we actually partitioning permissions per top-level browsing
>>>> context or could they already accomplish this through an <iframe>?
>>>
>>> As far as I understand it, permissions are based on domain name only, they 
>>> don’t include scheme or port from the origin.  So it’s probably less 
>>> granular than that.
>>
>> That seems somewhat bad.
>>
>
> Yes.
>
> AFAIU (I might be terribly wrong), this is because all of those
> permissions (gUM, Geolocation, Offline Storage, Fullscreen) are using
> the Permission manager we still have from the Popup Blocker/Cookie
> Manager. This is domain based. Not origin :(
> You can see this in about:permissions.

This is shocking. Making the fundamental design bug of cookies affect
everything else is *really* bad. Is there a bug on file for fixing
this?

-- 
Henri Sivonen
[email protected]
https://hsivonen.fi/
_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform
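
Added example (not part of the thread, and not Firefox's Permission Manager code): a small model of the difference discussed above between keying a permission grant on the domain name alone and keying it on the full origin (scheme, host, port). The class, function names, URLs and the "geolocation" label are all hypothetical and constructed for illustration.

```javascript
// Model only: every name here is hypothetical, not a browser API.
class PermissionStore {
  constructor(keyFn) {
    this.keyFn = keyFn;        // maps a URL string to the storage key
    this.grants = new Map();   // key -> Set of permission names
  }
  grant(url, perm) {
    const key = this.keyFn(url);
    if (!this.grants.has(key)) this.grants.set(key, new Set());
    this.grants.get(key).add(perm);
  }
  isAllowed(url, perm) {
    const set = this.grants.get(this.keyFn(url));
    return set !== undefined && set.has(perm);
  }
}

// Domain-based key, as described in the thread: scheme and port are dropped.
const hostKey = (url) => new URL(url).hostname;
// Origin-based key: scheme + host + port (URL normalizes default ports).
const originKey = (url) => new URL(url).origin;

// Constructed sample URLs; example.com is a placeholder.
const GRANTED_TO = "https://example.com/call";
const PROBES = [
  "https://example.com/other",   // same origin
  "https://example.com:443/x",   // same origin, explicit default port
  "http://example.com/",         // different scheme (no transport security)
  "https://example.com:8443/",   // different port (possibly another service)
  "https://sub.example.com/",    // different host
];

// Returns the probe URLs that are allowed after one grant to GRANTED_TO.
function inheritedGrants(keyFn, perm = "geolocation") {
  const store = new PermissionStore(keyFn);
  store.grant(GRANTED_TO, perm);
  return PROBES.filter((u) => store.isAllowed(u, perm));
}

console.log("host-keyed:  ", inheritedGrants(hostKey));
console.log("origin-keyed:", inheritedGrants(originKey));
```

With the domain-based key, the grant made over HTTPS also applies to the plain-HTTP and port-8443 URLs; with the origin-based key it applies only to the two same-origin URLs.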
