W3C home > Mailing lists > Public > public-media-capture@w3.org > February 2016

Re: [mediacapture-main] Pull Request: Extend iframe with a new allowusermedia attribute (issue: #268)

From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Date: Fri, 5 Feb 2016 14:35:04 +0000
To: Martin Thomson <martin.thomson@gmail.com>
CC: jan-ivar via GitHub <sysbot+gh@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <1447FA0C20ED5147A1AA0EF02890A64B37458B9B@ESESSMB209.ericsson.se>
On 05/02/16 12:29, Martin Thomson wrote:
> On 5 February 2016 at 17:34, Stefan Håkansson LK
> <stefan.lk.hakansson@ericsson.com> wrote:
>> Martin, could you provide a pointer to (some description of) that proposal?
>
> https://docs.google.com/document/d/1iaocsSuVrU11FFzZwy7EnJNOwxhAHMroWSOEERw5hO0/edit

Thanks.

>
> (apologies for not sending earlier, I was mobile)

No problem.

>
> I get the sense that there is still a lot of work to do on this idea.
> The potential for breakage is quite large.

It seems to me that the essence of the "floating idea" is that only the 
top level origin should be shown in user prompts (even if the request to 
use certain resources is made by an iFrame).

This seems mostly in line with PR #313. IIUC, #313 adds that any page 
embedding an iFrame must deliberately set the allowusermedia attribute 
for that iFrame to be able to ask for user media. And if it is the top 
level origin only that will be shown in the user prompt, it makes total 
sense to me if the top level origin can prohibit an iFrame to ask for 
user media.

There is a part in #313 that would go away: it is said that the iframe 
"needs to identify itself in the security prompt presented to the 
user.", and that would go away. But to me #313 seems sensible for now, 
we can remove that part later if the "floating idea" is adopted.


>
Received on Friday, 5 February 2016 14:35:36 UTC

This archive was generated by hypermail 2.3.1 : Friday, 5 February 2016 14:35:36 UTC