25053 – Specify clear security requirements

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25053 - Specify clear security requirements

Summary: Specify clear security requirements

Status:	RESOLVED FIXED

Alias:	None

Product:	WebAppsWG
Classification:	Unclassified
Component:	HISTORICAL - Screen Orientation (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Mounir Lamouri
QA Contact:	public-webapps-bugzilla

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-14 20:30 UTC by Mounir Lamouri
Modified:	2014-04-12 00:59 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Mounir Lamouri 2014-03-14 20:30:30 UTC

What if the call is made from a browser tab that in not fullscreen? if fullscreen? in an iframe? etc.

It would be great if the specification could allow some freedom in implementation here depending on security model but still make it clear to the developers what's happening and how to solve it. For example, a Promise could fail with "FullscreenRequired" or "SecurityError" depending on the actual problem. The former being solvable (going fullscreen), the later being not solvable in the current context (being an iframe or not at all allowed).

Comment 1 Mounir Lamouri 2014-04-03 21:18:07 UTC

I think it would be good to have a system where, by default, a nested browsing context is not able to lock the screen orientation unless the ancestor allows it via an iframe sandbox frame.

Comment 2 Mounir Lamouri 2014-04-12 00:59:19 UTC

https://github.com/w3c/screen-orientation/commit/fe334b38accdf01d2ab6c42a0863921ab80aed1b