On 2015-03-06 1:23 PM, andreas....@gmail.com wrote:

On Mar 6, 2015, at 6:18 PM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote:

On 2015-03-06 1:14 PM, andreas....@gmail.com wrote:

On Mar 6, 2015, at 5:52 PM, Anne van Kesteren <ann...@annevk.nl> wrote:

On Fri, Mar 6, 2015 at 6:33 PM,  <andreas....@gmail.com> wrote:
Is the threat model for all of these permissions significant enough to warrant 
the breakage?

What breakage do you envision?

I can no longer unblock popups on sites that use HTTP. The web is a big place. 
It will take a long time for everyone to move.

I think Anne is not proposing that.  He's proposing blocking persisting those 
permissions.  IOW you would be able to still show popups from these websites, 
but you won't be able to ask Firefox to remember your preference.

I know but we will break the persisting. The user will be annoyed that popup 
unblocking doesn’t work as expected on HTTP sites.

I am all for securing dangerous permissions but popups and notifications seem 
more like we are wagging our finger at the user in unhelpful ways. Most users 
will simply think Firefox is broken.

Notifications are a much newer feature than pop-ups and are not as widely used yet, so hopefully with the case of notifications we can stop persisting the permission right now without having too many people wonder why they can't persist the permission. Perhaps it makes more sense to start with geolocation, fullscreen and pointerlock first.

One thing to note is that there are still large Web properties which at least use geolocation and fullscreen from HTTP (Bing Maps for example for geolocation, and player.vimeo.com for embedded Vimeo videos using fullscreen). We should probably start evangelizing this sooner rather than later to those Web sites, and perhaps also to the general developer community through a hacks blog post and similar venues.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
