[cap-talk] Ambient authority in the Web Geolocation API

Mark Seaborn mrs at mythic-beasts.com
Tue Nov 24 22:50:12 PST 2009


On Fri, Oct 30, 2009 at 12:26 AM, David-Sarah Hopwood
<david-sarah at jacaranda.org> wrote:
> So, only a top-level frame should be able to request geolocation data.

I agree.

If the top-level frame wishes to co-operate with nested iframes and
delegate geolocation access to them, it can do so using the various
inter-frame communications mechanisms, such as postMessage().  MarkM
pointed out that postMessage() has been extended with the ability to
send message ports in messages between frames, which makes it even
easier to share geolocation updates.

I made this suggestion to one of the people involved in the
geolocation API spec.  He told me that web apps are not allowed to
share geolocation across origins, and that if a web app did this it
would be (paraphrasing) "violating the spec".  (I'm not sure how the
API spec is supposed to be binding on web apps.)

Actually I looked up the relevant part of the spec and it says "The
recipient of location information must not retransmit the location
information without the user’s express permission" (in 4.2, "Privacy
considerations for recipients of location information",
http://www.w3.org/TR/geolocation-API/).  It's not clear what
"retransmit" means or whether this covers postMessage(), and this
clause does not mention origins, but apparently this is the reason why
they want iframes to be able to request geolocation directly from the
browser rather than requiring the top-level frame to proxy the
request.


> Switching away from a tab automatically revokes geolocation access; to
> reenable it, the user has to switch back to that tab *and* click to allow
> it again.

You mean switching to another tab within the same browser window would
revoke access?  I don't think that would work well.  Tabs are just an
alternative to multiple windows, and it would not be acceptable for
functionality within a window to break when switching to another
window.  There are legitimate uses for geolocation access in a
background tab -- e.g. recording a location trace for plotting a map.

Mark
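
The delegation pattern described in the message above (the top-level frame holds geolocation access and hands a nested iframe a message port carrying position updates), as an added example that is not code from the thread or from the Geolocation spec. The function names, message shapes and origins are assumptions made for illustration; the geolocation object and channel factory are passed in as parameters so each side can be exercised outside a browser.

```javascript
// Top-level frame side. `geo` is navigator.geolocation, `frameWindow` is
// iframe.contentWindow, `frameOrigin` is the single origin the parent has
// chosen to delegate to (all hypothetical names for this sketch).
function delegateGeolocation(geo, frameWindow, frameOrigin, makeChannel) {
  const channel = makeChannel();            // () => new MessageChannel()
  let watchId = null;
  // The iframe receives only port2: a revocable stream of positions,
  // never the Geolocation object itself. The explicit target origin stops
  // the port being delivered if the frame has navigated elsewhere.
  frameWindow.postMessage({ type: 'geo-port' }, frameOrigin, [channel.port2]);
  channel.port1.onmessage = (ev) => {
    if (ev.data === 'start' && watchId === null) {
      watchId = geo.watchPosition((pos) => {
        // Forward only the fields the parent decides to share.
        channel.port1.postMessage({
          latitude: pos.coords.latitude,
          longitude: pos.coords.longitude,
          timestamp: pos.timestamp,
        });
      });
    }
  };
  return {
    // Revocation stays with the top-level frame.
    revoke() {
      if (watchId !== null) geo.clearWatch(watchId);
      watchId = null;
      channel.port1.close();
    },
  };
}

// Iframe side: call from a window 'message' listener. Returns false and
// does nothing unless the message comes from the expected parent origin.
function acceptGeolocationPort(ev, parentOrigin, onPosition) {
  if (ev.origin !== parentOrigin) return false;
  if (!ev.data || ev.data.type !== 'geo-port' || !ev.ports[0]) return false;
  const port = ev.ports[0];
  port.onmessage = (m) => onPosition(m.data);
  port.postMessage('start');                // ask the parent to begin updates
  return true;
}
```

In a browser the parent would call `delegateGeolocation(navigator.geolocation, iframe.contentWindow, 'https://widget.example', () => new MessageChannel())`, with the origin being a constructed placeholder.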

