ISSUE-9: Restricting API Access


Restricting API Access

Raised by:
Matt Womer
Opened on:
Doug Turner had an idea that should be tracked [1]:

"got some feedback on this. this isn't how it works today, but I think it is the way it should work in the future. Even more so, I have been considering restricting device apis (like geolocation) to top level documents only and prevent iframes from accessing this APIs. I did get some push back in Dec when I suggested this at our w3c devices workshop (are the notes anywhere for this? thomas?). This will break many of the sites like igoogle and others that embed content from remote origins. However such sites, could use something like PostMessage to explicitly send data.

Is this an overkill? Thoughts?"

We've split discussion of the idea out into a separate thread [2].


Related Actions Items:
No related actions
Related emails:
  1. Re: Restricting API access (from on 2009-06-15)
  2. ISSUE-9 (restricted-access): Restricting API Access [GeoAPI V1] (from on 2009-06-15)

Related notes:

Switching to product 'none' for now, talking with Chairs about how to track issues that aren't going to directly impact the doc, so until then it's product 'none'.

Matt Womer, 15 Jun 2009, 17:53:46

Closed based on f2f meeting consensus.

Lars Erik Bolstad, 4 Nov 2010, 09:13:04

Display change log ATOM feed

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <>.
$Id: 9.html,v 1.1 2017/05/30 09:54:32 carine Exp $