-
Notifications
You must be signed in to change notification settings - Fork 162
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add [InsecureContext] #471
Comments
I like the idea of making the choice explicit! That said, since this is a binary option, it might make more sense to treat what you've called "InsecureContext" as a variant of the existing attribute (e.g. |
See #420 (comment). |
If we actually think we can manage to do this I'd suggest we flip the default instead as the plan of action seems to be to make most things restricted to secure contexts. That way if you don't think about it it's fine, as you'll be doing the right thing. And if you do think about it and make the wrong choice, it's more easily spotted. |
I suspect we want both after all, since sometimes the majority of an interface will be insecure and so having insecure as the default makes sense until it becomes time to flip. Unless it seems reasonable that all existing members get annotated with [LegacyInsecureContext] when you need to add a "secure" one. |
Let's duplicate this into #876. |
To make it clear which (new) APIs are available on insecure contexts and encourage spec authors to make a conscious decision, I propose adding
[InsecureContext]
as a peer to[SecureContext]
.Such an attribute would also enable tools, such as Bikeshed and IDL compilers, to ensure that one or the other has been specified.
The text was updated successfully, but these errors were encountered: