W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2013

[Bug 21203] EME leaks information cross-origin

From: <bugzilla@jessica.w3.org>
Date: Sat, 26 Oct 2013 00:16:23 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-21203-2486-CxdhUy8wd1@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21203

David Dorwin <ddorwin@google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #23 from David Dorwin <ddorwin@google.com> ---
The createSession() algorithm currently says [1]: "If a request is successfully
generated and the media data is CORS-same-origin".

I don't think the second half of that statement is necessary or correct since
the initData was provided by the application in the createSession() call. I
plan to remove it.

[1]
https://dvcs.w3.org/hg/html-media/raw-file/8cd813d0a7b5/encrypted-media/encrypted-media.html#dom-createsession

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Saturday, 26 October 2013 00:16:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:45 UTC