- From: stefan hakansson via GitHub <sysbot+gh@w3.org>
- Date: Fri, 12 Aug 2016 06:48:44 +0000
- To: public-media-capture-logs@w3.org
In any case, specification wise we seem to be broken right now. Permission API says, that only iframes with allowusermedia are allowed to request access (regardless of same origin or not) and goes on to say that Media Capture and Streams defines allowusermedia, but it does not. On Thu, Aug 11, 2016 at 6:10 PM, Harald Alvestrand <notifications@github.com > wrote: > Is there an attack that can be facilitated by "allowusermedia" defaulting > to "on" for same-origin iframes? > If "yes", I'd want to stick with current language; if "no", I'd be willing > to add "with a different origin" in there so that same-origin iframes don't > need it. > > (The case I could think of is where a same-origin iframe is used to > include and isolate content from untrusted sites such as ad networks > without another level of iframe to isolate it - does this make sense?) > > — > You are receiving this because you were assigned. > Reply to this email directly, view it on GitHub > <https://github.com/w3c/mediacapture-main/issues/268#issuecomment-239209683>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/ABICrppqi7I18nsnckHOIWSJxu-ucEBGks5qe0mOgaJpZM4GYBEw> > . > -- GitHub Notification of comment by stefhak Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/268#issuecomment-239373630 using your GitHub account
Received on Friday, 12 August 2016 06:48:51 UTC