Is the threat model for all of these permissions significant enough to warrant the breakage? Popups for example are annoying, but a spoofed origin to take advantage of whitelisted popups seems not terribly dangerous.

Thanks,
Andreas

> On Mar 6, 2015, at 5:27 PM, Anne van Kesteren <ann...@annevk.nl> wrote:
>
> A large number of permissions we currently allow users to store
> persistently for a given origin. I suggest we stop offering that
> functionality when there's no lock in the address bar. This will make
> it harder for a network attacker to abuse these permissions. This
> would affect UX for:
>
> * Geolocation
> * Notification
> * Fullscreen
> * Pointer Lock
> * Popups
>
> If you are interested in demos of how these function today:
>
> * http://dontcallmedom.github.io/web-permissions-req/tests/geo-get.html
> * http://dontcallmedom.github.io/web-permissions-req/tests/notification.html
> * http://dontcallmedom.github.io/web-permissions-req/tests/fullscreen.html
> * http://dontcallmedom.github.io/web-permissions-req/tests/pointerlock.html
> * http://dontcallmedom.github.io/web-permissions-req/tests/popup.html
>
> Note that we have already implemented this for getUserMedia(). You can
> contrast the UX for these two links:
>
> * http://dontcallmedom.github.io/web-permissions-req/tests/gum-audiovideo.html
> * https://dontcallmedom.github.io/web-permissions-req/tests/gum-audiovideo.html
>
> This seems like a change we can make today that would be better for
> our users and nudge those that require persistence to do the right
> thing, without causing much harm.
>
>
> --
> https://annevankesteren.nl/