[Webkit-unassigned] [Bug 152299] [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 15 08:34:13 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=152299
--- Comment #15 from Davide Orazio Montersino <davide at davidemontersino.com> ---
(In reply to comment #14)
> (In reply to comment #12)
> > It's really not the prerogative of the site author to decide if device
> > status should be shared cross-domain.
>
> Aye this could already be done with a plethora of non-elegant means using
> postMessage, WebSockets as suggested earlier all the way through to
> embedding the event data in the URL after the hash and having the child
> frame listen for onhashchange.
>
> Although it would be nicer to actually have native support if that is what
> the site owner is after.
Any updates on the sandbox="allow-scripts allow-device-sensors" proposal?
Not implementing this solution does not add to security in any ways - enabling it or not is of course still prerogative of the site owner.
It just makes the web a more hackish place - using non-elegant ways achieve this is exactly what we and the whole industry is doing.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160715/7bace498/attachment.html>
More information about the webkit-unassigned
mailing list