[mediacapture-main] site A calling getUserMedia grants permission to site B. from jan-ivar via GitHub on 2016-04-29 (public-media-capture@w3.org from April 2016)

From: jan-ivar via GitHub <sysbot+gh@w3.org>
Date: Fri, 29 Apr 2016 19:01:37 +0000
To: public-media-capture@w3.org
Message-ID: <issues.opened-151945978-1461956496-sysbot+gh@w3.org>

jan-ivar has just created a new issue for 
https://github.com/w3c/mediacapture-main:

== site A calling getUserMedia grants permission to site B. ==
A 
[commit](https://github.com/w3c/mediacapture-main/commit/bbdee2433051107e597a4fbd277b6d619113ac54)
 from a month ago changed the [getUserMedia 
algorithm](http://w3c.github.io/mediacapture-main/getusermedia.html#dom-mediadevices-getusermedia)'s
 step 7:
> [Request 
permission](http://w3c.github.io/mediacapture-main/getusermedia.html#request-permission)
 for use of the devices, while considering all devices attached to a 
`live` MediaStreamTrack to have permission status "granted", resulting
 in a set of provided media.

Putting aside https://github.com/w3c/mediacapture-main/issues/350, 
taken literally, this allows access to site B if site A has a live 
MediaStreamTrack.

We probably mean to limit this to `live` tracks in either the same 
browsing context or the same origin?

Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/issues/354 using your GitHub 
account

Received on Friday, 29 April 2016 19:01:38 UTC