Re: Cross origin screensharing (was: What is missing for building "real" services?) from Martin Thomson on 2014-01-14 (public-webrtc@w3.org from January 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 14 Jan 2014 09:31:16 -0800
To: Dominique Hazael-Massieux <dom@w3.org>
Cc: Tim Panton new <thp@westhawk.co.uk>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
Message-ID: <CABkgnnWbOa4y3ekpQKu-FJrOqhudXW+notcRL5jbds4w+oFVjg@mail.gmail.com>

On 14 January 2014 05:23, Dominique Hazael-Massieux <dom@w3.org> wrote:
> How about tying this to CORS? If you already grant cross-origin access
> to your Web content via CORS, can it be inferred you're happy to share
> its content via screen sharing?

That doesn't really work in that the iframe (or other cross origin
content) is acquired without the CORS preflight.  I was thinking
Frame-Options actually.

Received on Tuesday, 14 January 2014 17:31:49 UTC