>> I don't actually think about:permissions is a good start, or that it's
>> implemented "most of the complicated bits." Quite the opposite, really: it
>> was a useful experiment, but has some serious problems. I'd briefly
>> summarize the two main flaws as (1) "manager" UIs are generally not great
>> (they provide some minimal functionality to change settings but are bad at
>> informing the user what's going on) and (2) it isn't a great fit for the
>> scopes of various things in the browser (everything from global settings to
>> exact-url matches, with lots of subtle variations in between), let alone
>> matching that to a user's mental model.
> The scope of most web-facing features that are exposed directly to
> sites is the origin. Cookies deviate, so require some extra attention.
> But in general managing site matters at the level of origin seems
> sound from a platform perspective.
> The kind of things I'd like to see in the end are a list of origins
> sorted by storage usage, origins that have recently used geolocation
> functionality, origins that have background activity, origins that can
> display notifications, etc.
There is another area where we don't use origins, which is storage.
Storage here currently include IndexedDB, Cache API and cached SW
scripts. In the future it'll likely also include localStorage and
other future storage APIs in this.
For storage we have a limit on how much total data all websites can
write (something close to 50% of free space of the user's drive IIRC).
However in order to not allow a single website to suck up all of that
storage, we also put a limit on how much a given website can store. If
we based that purely on origin, a website could work around that by
sharding itself over an unlimited number of subdomains and using those
as storage proxies. I.e. by opening sub1.website.com
, etc in <iframe>s and then postMessaging with them.
So instead we measure and limit storage on a per eTLD+1 basis.
This isn't exactly a permission, but would be good to expose to users
in the permissions UI.
Also, we might want to do something similar for permissions. It's
somewhat annoying if a website can keep asking for geolocation by
simply using new subdomains to do so, even if the user repeatedly
clicks "no" and "remember this decision".
> And we should really start looking into this since the more power we
> grant origins, the more we should really let users control it.