Академический Документы
Профессиональный Документы
Культура Документы
Proposal
The Chrome Security team and I propose that, for new and particularly
powerful web platform features, browser vendors tend to prefer to make
the the feature available only to secure origins by default.
Definitions
(https, *, *)
(wss, *, *)
(*, localhost, *)
(*, 127/8, *)
(*, ::1/128, *)
(file, *, —)
(chrome-extension, *, —)
This list may be incomplete, and may need to be changed. Please discuss!
For Example
Background
For example, the Gmail app on Android has access only to the user’s Gmail
and the system capabilities necessary to read and write that email. Without
an explicit grant, it does not have access to resources that other apps (e.g.
Twitter) create. It also does not have access to system capabilities
unrelated to email. Nor does it have access to the email of another user on
the same computer.