If you work on security & are interested in suborigins (https://w3c.github.io/webappsec-suborigins/ …), speak up! Browser vendors want to gauge community interest
-
Show this thread
-
At Google we have several use cases for suborigins, mostly to isolate different apps hosted in the same origin & improve SOP protections.
1 reply 0 retweets 1 likeShow this thread -
If browsers ship suborigins, will you use them? Or do you think CSP is the be-all and end-all of web platform security? ;-)
2 replies 2 retweets 4 likesShow this thread -
Replying to @arturjanc
I haven’t read the spec in a long while..but if it can help folks with the `/admin` problem,
1 reply 0 retweets 2 likes -
Replying to @patricktoomey @arturjanc
I can think of a few million ways GitHub can leverage suborigins :)
2 replies 0 retweets 7 likes -
please share that; browsers need to know!
1 reply 0 retweets 0 likes -
Browsers need to figure out what Suborigins are. So far, I’m not sure we have. :(
1 reply 0 retweets 6 likes -
Suborigins are easy to understand for users, even if not straightforward to implement/spec. Use cases can show why this effort is worth it.
4 replies 0 retweets 0 likes
Also worth noting is that suborigins are one of the few features that @sirdarckcat and I both like a lot, which has got to mean something!
-
-
Replying to @arturjanc @mikewest and
I’d like to learn more about the use cases and what you envision for permissions and storage UX.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.