On Fri, Sep 12, 2014 at 11:44 AM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote:
>> If we rewrite I think it would be good to take top-level browsing
>> context partitioning under consideration. That is, if I navigate to
>> https://example/ and grant it the ability to do X. And then navigate
>> to https://elsewhere.invalid/ which happens to embed https://example/,
>> the embedded https://example/ does not have the ability to do X.
>
> The permission manager itself is unaware of browsing contexts, it is the
> consumer which decides how to query it.

This is one of the bad things with the permission manager. It leads to us ending up with different policies for different permissions.

It's actually even worse than that. Because it is the *reader* that sets the policy, it means that a cookie policy written to the permission manager could be interpreted in different ways depending on which exact code is checking the permission manager.

What we really should do is to enable writing into the permission manager "set this cookie policy for domain and subdomains" or "set this cookie policy for this domain" or "set this cookie policy for this origin". And then make the reading side simply ask "can this principal send cookies", rather than the current "can this principal send cookies assuming that the stored data should use policy X".

We can probably expand this pattern to also handle 3rd party iframes.

Note that there are use cases for both narrow and broad policies. At the very least it seems useful to be able to say both "deny all of *.adnetwork.com from using cookies" as well as "allow https://google.com/ to use camera".

/ Jonas
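
The write-side scoping proposed in the message above, sketched as an added example (not part of the original message and not Gecko code): the scope is stored with each entry, so every reader asking about the same principal gets the same answer. `PermissionStore`, its methods, the scope names and the narrowest-scope-wins precedence are assumptions made for illustration.

```javascript
// Added illustration. PermissionStore, set(), check() and the scope names are
// hypothetical; this is not the Gecko permission manager API.
const SCOPE_RANK = { "origin": 3000, "host": 2000, "domain-and-subdomains": 1000 };

class PermissionStore {
  constructor() { this.entries = new Map(); }

  // The writer chooses the scope once and it is stored with the decision.
  set(type, scope, target, decision) {
    if (!Object.keys(SCOPE_RANK).includes(scope)) throw new Error(`unknown scope: ${scope}`);
    const key = scope === "origin" ? new URL(target).origin : target.toLowerCase();
    this.entries.set(`${type}|${scope}|${key}`, { type, scope, key, decision });
  }

  // The reader passes only the permission type and the principal's origin.
  check(type, principalUrl) {
    const { origin, hostname } = new URL(principalUrl);
    let best = { rank: -1, decision: "unknown" };
    for (const e of this.entries.values()) {
      if (e.type !== type) continue;
      let matches;
      if (e.scope === "origin") matches = e.key === origin;
      else if (e.scope === "host") matches = e.key === hostname;
      // Match on a label boundary so "evil-adnetwork.com" is not "adnetwork.com".
      else matches = hostname === e.key || hostname.endsWith("." + e.key);
      // Narrower scopes win; among domain entries the longer suffix wins.
      const rank = SCOPE_RANK[e.scope] + (e.scope === "domain-and-subdomains" ? e.key.length : 0);
      if (matches && rank > best.rank) best = { rank, decision: e.decision };
    }
    return best.decision;
  }
}

// The two rules named in the message, plus one constructed narrow override.
function demoStore() {
  const store = new PermissionStore();
  store.set("cookie", "domain-and-subdomains", "adnetwork.com", "deny");
  store.set("cookie", "host", "optout.adnetwork.com", "allow"); // constructed
  store.set("camera", "origin", "https://google.com/", "allow");
  return store;
}
```
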