On Wed, Sep 12, 2018 at 3:47 AM Anne van Kesteren <ann...@annevk.nl> wrote:
> On Tue, Sep 11, 2018 at 9:06 PM Ehsan Akhgari <ehsan.akhg...@gmail.com> > wrote: > > Please note that Firefox will grant storage access permissions > > automatically under certain circumstances for web compatibility reasons, > so > > even when the iframe has never called this API it may still obtain > storage > > access. In order to prevent that from happening, the usual approaches > > against embedded content gaining storage access (through sandboxing the > > iframe to give it a unique origin) could be used. > > Unfortunately, that will still share cookies. Adding a feature policy > or some such for that might be worthwhile. > Yes indeed. But that's beyond the scope of the current intent thread. -- Ehsan _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
