[encrypted-media] Disable EME by default in cross-origin iframes from raymeskhoury via GitHub on 2017-02-08 (public-html-media@w3.org from February 2017)

From: raymeskhoury via GitHub <sysbot+gh@w3.org>
Date: Wed, 08 Feb 2017 06:22:30 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-206106937-1486534948-sysbot+gh@w3.org>

raymeskhoury has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Disable EME by default in cross-origin iframes  ==
We would like to explore disabling EME by default for cross-origin 
iframes. The idea is that it would be possible for the embedder to 
re-enable EME using the proposed [Feature 
Policy](https://docs.google.com/document/d/1k0Ua-ZWlM_PsFCFdLMa8kaVTo32PeNZ4G7FFHqpFx4E/edit#heading=h.4yubgixv5l6b)
 mechanism.

Note that this issue is mainly just intended to start the discussion 
about this change. I'm not super familiar with the API so guidance is 
appreciated :).

EME already has a failure mode that occurs as a result of the user 
denying permission. This same failure mode can be reused but we 
probably still want to alter the spec to include the additional check 
to see if the feature is allowed by Feature Policy.

The motivations for this change and a discussion of compatibility risk
 can be found here: 
https://docs.google.com/document/d/13dp9xWVyGM8THAQohDOT2mMOTSGLxEhSZEvgpmVLrxU/edit

@ddorwin

Please view or discuss this issue at 
https://github.com/w3c/encrypted-media/issues/371 using your GitHub 
account

Received on Wednesday, 8 February 2017 06:23:05 UTC