Closed Bug 825686 Opened 12 years ago Closed 11 years ago

Permission restrictions for apps should also be enforced for non-app content

Categories

(Core :: DOM: Device Interfaces, defect)

Product:
Core
Component:
DOM: Device Interfaces
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 823974
Milestone:
B2G C4 (2jan on)
Project Flags:
blocking-basecamp +

People

(Reporter: ladamski, Assigned: dougt)

References

Details

Per bug 823974#c5 we should enforce the same permissions restrictions for embedded non-app content as for the app that embeds it.  

Which means that if an app does not have the geolocation permission in its manifest, then any content that embeds should not be able to prompt for geolocation either.  

Conversely, if the app does contain the geolocation permission in this manifest then any combination of the app and/or the content it embeds can ask the user for permission to use geolocation (i.e. the app does not have to be granted geolocation access before embedded content is allowed to request it).

I believe this really would only immediately impact 3 existing permissions per https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0:
- desktop-notification
- fmradio
- geolocation

bb+ per triage conversations due to app breakage risk of implementing this further down the road.
Target Milestone: --- → B2G C4 (2jan on)
the work required is really covered by 823974.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.