On Sep 30, 2014, at 5:36 PM, Ehsan Akhgari <[email protected]> wrote:
> On 2014-09-30, 4:29 AM, Henri Sivonen wrote: >>> More immediately we should make it impossible to make persistent >>> grants for these features on unauthenticated origins. >> >> This I agree with when it comes to privacy-sensitive API: Granting a >> persistent permission to an http: origin amounts to granting a >> persistent permission to everyone who in the future has a chance of >> performing an active MITM attack on you. > > I also think that we should definitely stop persisting the geolocation > permission grant for non-authenticated origins. I'm not really sure if web > compat allows us to remove support for the API completely (although > admittedly I don't have data on this.) Either way, we should collect some data before we take action. > > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
