[Bug 21203] EME leaks information cross-origin from bugzilla@jessica.w3.org on 2013-10-26 (public-html-bugzilla@w3.org from October 2013)

From: <bugzilla@jessica.w3.org>
Date: Sat, 26 Oct 2013 00:16:23 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-21203-2486-CxdhUy8wd1@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=21203

David Dorwin <ddorwin@google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #23 from David Dorwin <ddorwin@google.com> ---
The createSession() algorithm currently says [1]: "If a request is successfully
generated and the media data is CORS-same-origin".

I don't think the second half of that statement is necessary or correct since
the initData was provided by the application in the createSession() call. I
plan to remove it.

[1]
https://dvcs.w3.org/hg/html-media/raw-file/8cd813d0a7b5/encrypted-media/encrypted-media.html#dom-createsession

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Saturday, 26 October 2013 00:16:25 UTC