Gregory's Server
@simon There's plenty of Google-only or $bigco special-case code in Chromium, unfortunately. IIUC they only implement things like this as last resort.
A lot of these predate modern Web APIs that provide access to the same data/functions, others are needed for complex auth stuff (like smartcards or zero-trust auth), others are needed by ChromeOS components for the OS to work. Many hardcoded allowlists are for third-party extensions by big companies for certain code paths.
@AlesandroOrtiz @simon But either itβs ok for general consumption, and then it should be allowed everywhere, or itβs not ok for general consumption, and then it shouldnβt be allowed for Google domains either.
Why should Google domains be treated differently when it comes to smartcard access? And why should Google get a pass on updating their code to newer APIs when everyone else is forced to?