In October, @timbl wrote:
If you run a web app in a web page, the browser does severely limit its access to anything on the web [â¦]. In solid, if you try to get at data from a web app, then the web app AND you must BOTH have the access required in the Access control system. You do this with the ACL by making an Authorization which has an origin property.
But if Iâm logged in to https://pheyvaer.github.io/solid-chess/ then that chess app has unrestricted read/write/delete access to all data on my pod, right? Isnât that very dangerous?