WebAPI/DesignGuidelines: Difference between revisions

Edit summaries of the two revisions compared (section "Design considerations"):
* Older revision: Secure origins are apparently called authenticated origins now
* Newer revision: Avoid "ask the user" as an attack mitigation mechanism when possible
Section "Design considerations" as it reads after the newer revision (the sub-bullet about not asking the user is the line this revision adds):

* if you are extending the algorithms of another specification, request that the spec you are extending highlights to its readers the points your spec extends/plugs into
* document and standardize attack vector mitigations so they're done consistently across implementations.
** if the attacks can be mitigated either by asking the user or by designing the feature so that there's no need to ask the user, prefer not asking the user.
* attempt to avoid "prompt fatigue" (e.g. don't skirt security concerns by prompting to allow the web content to do something, as users will have difficulty reading and interpreting the associated risks).
* ensure the API is "webby".