-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Headers may limit possible Storage Access API policies #18
Comments
CC @jyasskin since he provided the original feedback from the TAG, in case he wants to provide more context.
This proposal avoids that narrowing as much as possible, while still providing utility to websites. This feature is designed such that websites (still) must request the Note that if a user agent does not support these headers, or does not support the header-based opt-in, then the non-iframe use case has no general solution in that user agent. This is unavoidable (unless the UA sacrifices security instead), and highlights the usefulness of this feature. This concern was previously discussed in a weekly PrivacyCG call (minutes). Tentatively closing, please reopen or leave comments as needed. |
@hober, do you think this answer addresses the concern? |
Taken from this comment:
The text was updated successfully, but these errors were encountered: