W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > July 2016

Re: [mediacapture-main] Iframe sandboxing options for gUM

From: stefan hakansson via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Jul 2016 06:40:55 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-230994519-1467873653-sysbot+gh@w3.org>
@foolip while I agree that what current implementations do is 
important (as is data on how many applications that would break if 
they change), we also need to consider what makes sense to require in 
a specification.
`allowusermedia` was discussed quite a bit before being added to the 
spec (I provided a couple of links in 
https://github.com/w3c/mediacapture-main/issues/268#issuecomment-230467434).
 
One reason for it was the discussion we had on the permission prompt 
UI, which basically concluded that the iframe _and_ the top-level 
origin should be presented to the user, and then it (to me at least) 
makes sense that the embedding page can control whether or not the 
`iframe` can request to use microphone and camera (and thus present a 
prompt containing the embedding page's origin).
A piece of the puzzle was also a discussion on `iframe` permission 
scoping: 
https://docs.google.com/document/d/1iaocsSuVrU11FFzZwy7EnJNOwxhAHMroWSOEERw5hO0/edit?pref=2&pli=1
@dontcallmedom can you elaborate why we decided not to make 
`allowusermedia` a sandboxing attribute?

-- 
GitHub Notification of comment by stefhak
Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/issues/268#issuecomment-230994519
 using your GitHub account
Received on Thursday, 7 July 2016 06:41:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:30 UTC