Re: Restricting the Notifications API to secure contexts

2017-08-07 Thread Martin Thomson 
More than fine, this is an overdue change :)

Notifications being available on http:// origins is a source of a
small amount of pain for web push, because the two share the same
permission.

On Tue, Aug 8, 2017 at 2:24 AM, Eric Rescorla  wrote:
> This seems fine.
>
> -Ekr
>
>
> On Mon, Aug 7, 2017 at 6:45 AM, Anne van Kesteren  wrote:
>
>> Chrome wants to restrict the Notifications API
>> https://notifications.spec.whatwg.org/ to secure contexts:
>>
>>   https://github.com/whatwg/notifications/issues/93
>>   https://github.com/w3c/web-platform-tests/pull/6596
>>
>> Given that the API involves prompting the user as well as a permission
>> that remains stored across different networks it seems like a good
>> idea to restrict this API to HTTPS.
>>
>> I was wondering if anyone has concerns with restricting the API as
>> such. If there are no concerns within a week I'll let Chrome go ahead
>> with the change to the standard and tests and file the necessary
>> implementation bugs against the remaining browsers, including Firefox.
>>
>>
>> --
>> https://annevankesteren.nl/
>> ___
>> dev-platform mailing list
>> dev-platform@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-platform
>>
> ___
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Restricting the Notifications API to secure contexts

2017-08-07 Thread Eric Rescorla 
This seems fine.

-Ekr


On Mon, Aug 7, 2017 at 6:45 AM, Anne van Kesteren  wrote:

> Chrome wants to restrict the Notifications API
> https://notifications.spec.whatwg.org/ to secure contexts:
>
>   https://github.com/whatwg/notifications/issues/93
>   https://github.com/w3c/web-platform-tests/pull/6596
>
> Given that the API involves prompting the user as well as a permission
> that remains stored across different networks it seems like a good
> idea to restrict this API to HTTPS.
>
> I was wondering if anyone has concerns with restricting the API as
> such. If there are no concerns within a week I'll let Chrome go ahead
> with the change to the standard and tests and file the necessary
> implementation bugs against the remaining browsers, including Firefox.
>
>
> --
> https://annevankesteren.nl/
> ___
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Re: Restricting the Notifications API to secure contexts

2017-08-07 Thread Enrico Weigelt, metux IT consult 

On 07.08.2017 15:45, Anne van Kesteren wrote:

Chrome wants to restrict the Notifications API
https://notifications.spec.whatwg.org/ to secure contexts:


wait a second ... it was wide open all the time ?


--mtx
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Restricting the Notifications API to secure contexts

2017-08-07 Thread Anne van Kesteren 
Chrome wants to restrict the Notifications API
https://notifications.spec.whatwg.org/ to secure contexts:

  https://github.com/whatwg/notifications/issues/93
  https://github.com/w3c/web-platform-tests/pull/6596

Given that the API involves prompting the user as well as a permission
that remains stored across different networks it seems like a good
idea to restrict this API to HTTPS.

I was wondering if anyone has concerns with restricting the API as
such. If there are no concerns within a week I'll let Chrome go ahead
with the change to the standard and tests and file the necessary
implementation bugs against the remaining browsers, including Firefox.


-- 
https://annevankesteren.nl/
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform