WebAPI/Security/NetworkInfo: Difference between revisions
Jump to navigation
Jump to search
Ptheriault (talk | contribs) No edit summary |
No edit summary |
||
| Line 35: | Line 35: | ||
| Certified Web Apps || As per general use cases above. || No permission required | | Certified Web Apps || As per general use cases above. || No permission required | ||
|} | |} | ||
[[Category:Web APIs]] | |||
[[Category:Security]] | |||
Latest revision as of 23:41, 1 October 2014
Network Information API
Brief purpose of API: Allow content to understand if current network connectivity is metered in order to allow apps to limit consumption.
API Endpoint: navigator.connection.*
General Use Cases:
- Read current bandwidth estimate or ask if connection is metered
- Listen for connection change events
Inherent threats: Privacy (de-anonymize users based on connection change events?)
References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=677166
- https://wiki.mozilla.org/WebAPI/NetworkAPI
- http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/464d2a5ca3ed0e05/68e2de5b987f28d9
Threat severity: Low
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general use cases above. | No permission required | |
| Installed Web Apps | As per general use cases above. | No permission required | |
| Privileged Web Apps | As per general use cases above. | No permission required | |
| Certified Web Apps | As per general use cases above. | No permission required |