Our great sponsors
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
webappsec-permissions-policy
A mechanism to selectively enable and disable browser features and APIs
-
contain-facebook
Facebook Container isolates your Facebook activity from the rest of your web activity in order to prevent Facebook from tracking you outside of the Facebook website via third party cookies.
-
contain-google
[Looking for maintainer] - Google Container isolates your Google activity from the rest of your web activity in order to prevent Google from tracking you outside of the Google website via third party cookies.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Here's a question for someone who understands cross-site cookies (which isn't me): Why does www.google.com/maps 's site permissions show https://www.openstreetmap.org/ as one of the sites 'that can use cross-site cookies and site data'?
Newer Android versions have further locker down sd card access. The implementation is apparently super slow for stuff like what Osmand uses. Dont put the map data onto the sd card or use one of the predefined locations
https://github.com/osmandapp/OsmAnd/issues/12046
Thanks for the docs. The examples (2 & 3, https://github.com/w3c/webappsec-permissions-policy/blob/mai...) seem to me to say that search.google.com can’t grant location permissions to an iframe if the parent was forbidden them, but I didn't find an explicit example for what happens if the iframe domain already got permission previously.
As you say the UI for requesting in this case would be weird, and this seems like a big security hole to me, but I can’t see a bit of the spec that explicitly forbids (though I only scanned the doc.)
This morning I looked for a similar extension for Google and I've found this fork[1] of Mozilla's extension. It's working as expected so far but I'd love for it to be officially maintained by Mozilla at some point. There is an open issue about it[2].
[0] https://github.com/mozilla/contain-facebook