
[mediacapture-main] Permission model for cross-origin iframes

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Oct 2015 08:39:24 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issues.opened-114003054-1446107962-sysbot+gh@w3.org>
martinthomson has just created a new issue for 

== Permission model for cross-origin iframes ==
@juberti suggested that Chrome has some special interaction between 
the top-level browsing context and iframes when gUM consent is 
requested.  What, if any, special treatment do we need for cases where 
gUM is called from within an iframe?

1. iframes can request permission as normal, bound to their origin
2. iframes can only request permission if their origin == the top level 
3. iframes can request permission, but they have to request special 
permission to operate in an iframe (permission key is iframe-origin + 
a boolean indicating top-level vs iframe)
4. as 3, but each different top-level origin gets a different special 
permission (permission key is top-level-origin + iframe-origin)
5. permission key is the full origin chain from top-level down

Separately, we might consider an option for higher level contexts to 
indicate if nested browsing contexts are able to use gUM (default 
tbd), much like the fullscreen API.

See https://github.com/w3c/mediacapture-main/issues/267
Received on Thursday, 29 October 2015 08:39:30 UTC
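
To compare the five options listed in the issue, the sketch below (an added example, not part of the original message or of any browser's implementation) computes the permission-store key each option implies and checks whether a grant made in one embedding context would be reused in another. The function names, the key string formats, the treatment of a top-level visit under option 4, and the `.example` origins are assumptions made for illustration.

```javascript
// Added illustration, not from the issue. Origins are constructed samples.
// chain[0] is the top-level origin; the last entry is the frame calling gUM.
function permissionKey(option, chain) {
  const top = chain[0];
  const caller = chain[chain.length - 1];
  const nested = chain.length > 1;
  switch (option) {
    case 1: // bound to the caller's origin, wherever it is embedded
      return caller;
    case 2: // nested frames may ask only when same-origin with the top level
      return !nested || caller === top ? caller : null; // null: cannot request
    case 3: // iframe-origin + top-level/iframe boolean
      return `${caller}|${nested ? "iframe" : "top"}`;
    case 4: // top-level-origin + iframe-origin (assumed: plain origin at top level)
      return nested ? `${top}|${caller}` : caller;
    case 5: // full origin chain from the top level down
      return chain.join(" > ");
    default:
      throw new RangeError(`unknown option ${option}`);
  }
}

// True when a grant stored for context `granted` would also satisfy `requested`.
function grantCarriesOver(option, granted, requested) {
  const a = permissionKey(option, granted);
  const b = permissionKey(option, requested);
  return a !== null && a === b;
}

const direct = ["https://video.example"];
const underNews = ["https://news.example", "https://video.example"];
const underOther = ["https://other.example", "https://video.example"];
const deep = ["https://news.example", "https://ads.example", "https://video.example"];

// For each option: [direct -> underNews, underNews -> underOther, underNews -> deep]
function carryOverTable() {
  const table = {};
  for (const option of [1, 2, 3, 4, 5]) {
    table[option] = [
      grantCarriesOver(option, direct, underNews),
      grantCarriesOver(option, underNews, underOther),
      grantCarriesOver(option, underNews, deep),
    ];
  }
  return table;
}

console.log(carryOverTable());
```

Each row of the result shows how far a single user grant spreads: under option 1 a grant given on a direct visit is reused in every embedding, while option 5 isolates every distinct chain.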
