Skip to content

Commit

Permalink
Rephrase Potential for Abuse section
Browse files Browse the repository at this point in the history
As pointed out in TAG review[1], the fact that notifications are https-only
strengthens the 'clear attribution' mitigation argument, rather than being a
separate mitigation on its own.

[1] w3ctag/design-reviews#284
  • Loading branch information
anitawoodruff authored Jul 10, 2018
1 parent 3bce9a2 commit 7d098db
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,14 +84,10 @@ for the same information.

- **This can be mitigated by clear attribution** - all major implementations already do this, and a note will be
added to the spec to make it clear that notifications should be clearly attributed to the origin of the service worker
or document which showed them.
or document which showed them. This attribution can be considered reliable since notifications may only be shown by secure
origins.

There's two other factors which help here:

- **requires a permission** - A spoof site would first need to gain notification permission from the user
before it could show a notification abusing this feature.

- **notifications are https-only** - Notifications can only be sent from secure origins.
- A further mitigation is that showing notifications **requires a permission** - a spoof site would first need to gain notification permission from the user before it could show a notification abusing this feature.


## Appendix: alternatives considered
Expand Down

0 comments on commit 7d098db

Please sign in to comment.