- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 28 Aug 2014 14:28:56 -0700
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>

On 28 August 2014 03:24, Harald Alvestrand <harald@alvestrand.no> wrote:
>> We could for instance prevent getUserMedia from operating without an
>> "engagement gesture" (see
>> https://dvcs.w3.org/hg/pointerlock/raw-file/default/index.html#glossary
>> ).
>
> I'm hesitant to go that route. This would add an extra activation step
> to pages whose only purpose is to send video - for instance, it would
> require an engagement gesture before starting the video on
> apprtc.appspot.com.

I find this tempting, despite the costs here. The permissions prompt is a popup of a sort, so applying the same protection makes a great deal of sense. It's obviously a non-issue on sites where permissions are persisted, so I'm inclined quite favourably toward this.

The other suggestions, less so.

Enhancing CSP might be a good idea to cover this, rather than the sandboxing stuff. I have CSP folks within spitting distance, so I'll ask. The question of WebRTC as a whole is probably more interesting in this regard.

Received on Thursday, 28 August 2014 21:29:25 UTC