- From: cowwoc <cowwoc@bbs.darktech.org>
- Date: Tue, 26 Nov 2013 18:57:42 -0500
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: Justin Uberti <juberti@google.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On 26/11/2013 6:52 PM, Martin Thomson wrote: > On 26 November 2013 15:46, cowwoc <cowwoc@bbs.darktech.org> wrote: >> If the default is "don't share" (similar to CORS) then I don't think this >> approach scales. > If the choice here is between "some sites don't work" and "user's get > screwed and don't understand why", I think that I know where I stand. > > There is a possibility that the default for the top-level frame can be > made permissive. That's something that might need some extra thought. > I don't think that you can say that iframes are ever safe to allow. I'm in favor of that approach (top-level frame is permissive and nested iframes are not). Gili
Received on Tuesday, 26 November 2013 23:58:43 UTC