ISSUE-9: Restricting API Access
restricted-access
Restricting API Access
- State:
- CLOSED
- Product:
- Raised by:
- Matt Womer
- Opened on:
- 2009-06-15
- Description:
- Doug Turner had an idea that should be tracked [1]:
"got some feedback on this. this isn't how it works today, but I think it is the way it should work in the future. Even more so, I have been considering restricting device apis (like geolocation) to top level documents only and prevent iframes from accessing this APIs. I did get some push back in Dec when I suggested this at our w3c devices workshop (are the notes anywhere for this? thomas?). This will break many of the sites like igoogle and others that embed content from remote origins. However such sites, could use something like PostMessage to explicitly send data.
Is this an overkill? Thoughts?"
We've split discussion of the idea out into a separate thread [2].
[1] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0053.html
[2] http://lists.w3.org/Archives/Public/public-geolocation/2009May/0055.html
- Related Actions Items:
- No related actions
- Related emails:
- Re: Restricting API access (from [email protected] on 2009-06-15)
- ISSUE-9 (restricted-access): Restricting API Access [GeoAPI V1] (from [email protected] on 2009-06-15)
Related notes:
Switching to product 'none' for now, talking with Chairs about how to track issues that aren't going to directly impact the doc, so until then it's product 'none'.
Matt Womer, 15 Jun 2009, 17:53:46Closed based on f2f meeting consensus.
Lars Erik Bolstad, 4 Nov 2010, 09:13:04Display change log