Confirmed users
14
edits
Apps/SecurityDetails: Difference between revisions
Jump to navigation
Jump to search
m
→Sandboxed Permissions
| Line 31: | Line 31: | ||
=== Sandboxed Permissions === | === Sandboxed Permissions === | ||
And just like website data is sandboxed per app, so are permission grants. If App A loads a page from http://maps.google.com and that page requests to use geolocation and the user says "yes, and remember this decision for all times", this only means that http://maps.google.com has access to geolocation | And just like website data is sandboxed per app, so are permission grants. If App A loads a page from http://maps.google.com and that page requests to use geolocation and the user says "yes, and remember this decision for all times", this only means that http://maps.google.com has access to geolocation within App A. If App B then opens http://maps.google.com, that page won't have access to geolocation unless the user grants that permission again. | ||
And just like in the normal browser, permissions are separated by origin. This means that if App A is granted permission to use Geolocation, this does not mean that all origins running in App A | And just like in the normal browser, permissions are separated by origin. This means that if App A is granted permission to use Geolocation, this does not mean that all origins running in App A have the permission to use Geolocation. If App A opens an <iframe> to http://maps.google.com, then http://maps.google.com still has to ask the user for permission before geolocation access is granted. | ||
=== browserContent flag === | === browserContent flag === | ||