W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2013

[Bug 21203] EME leaks information cross-origin

From: <bugzilla@jessica.w3.org>
Date: Sat, 26 Oct 2013 04:14:06 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-21203-2486-LQmcR7dOoE@http.www.w3.org/Bugs/Public/>

--- Comment #25 from David Dorwin <ddorwin@google.com> ---
The application provides the initData, which contains the defaultURL (if any),
and the application will send the keymessage to the server (either its own or
the one specified by defaultURL). Ultimately, it is the application that is
sending the information, which it already had access to, and normal CORS rules
should apply, right?

You are receiving this mail because:
You are the QA Contact for the bug.
Received on Saturday, 26 October 2013 04:14:07 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:45 UTC