W3C home > Mailing lists > Public > public-media-capture@w3.org > March 2016

Resolution of the "access to media from iframe" issue

From: Harald Alvestrand <harald@alvestrand.no>
Date: Tue, 1 Mar 2016 11:57:44 +0100
To: "public-media-capture@w3.org" <public-media-capture@w3.org>
Message-ID: <56D575A8.4090709@alvestrand.no>
As you may have noticed, we've merged this PR:

https://github.com/w3c/mediacapture-main/pull/313

This declares that cross-origin iframes normally do NOT have access to
media devices at all, but that if the including page wants them to have
it, the including page can allow that by setting the "allowusermedia"
attribute on the iframe.

Our read of the discussion was that the TF's rough consensus was:

a) being explicit about delegation of access to powerful features is
better than trying to be smart about it
b) If we're explict about granting access, the default needs to be "no",
since otherwise, people will delegate access without realizing they have
done so
c) if we want explicit delegation, we'd better get the spec out *soon* -
the number of sites that depend on implicit delegation now is probably
small, and certainly smaller than the number of sites that will depend
on it a year from now if we do nothing.

Thus, we merged this.

This does NOT mean that all discussions about access are done - among
other things, there's a proposal "out there" (referred to elsewhere as
"the floating proposal") that will change the logic of prompts for
permission so that all permission prompts refer to the top-level
context, not the iframe's context. This change will play well with that
proposal, but doesn't mean that we've determined a consensus one way or
the other on that proposal. Discussion on that is still open.

Harald, for the chairs
Received on Tuesday, 1 March 2016 10:58:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 10:58:16 UTC