[Bug 6476] New: cross-origin media element loads and progress events from bugzilla@wiggum.w3.org on 2009-01-27 (public-html-bugzilla@w3.org from January 2009)

From: <bugzilla@wiggum.w3.org>
Date: Tue, 27 Jan 2009 14:23:20 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-6476-2486@http.www.w3.org/Bugs/Public/>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=6476

           Summary: cross-origin media element loads and progress events
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Spec bugs
        AssignedTo: dave.null@w3.org
        ReportedBy: annevk@opera.com
         QAContact: public-html-bugzilla@w3.org
                CC: ian@hixie.ch, mike@w3.org, public-html@w3.org


Media elements currently allow for cross-origin loads without explicit opt in
from the server they are requested from. So far this is similar to the img
element and ok. However, progress events are not limited in any way exposing
more information about the file on the other end than has been possible so far
with cross-origin loads. That information needs to be restricted somehow. Most
likely by using CORS as defense mechanism.


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Tuesday, 27 January 2009 14:23:37 UTC