- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 29 Aug 2014 11:03:24 -0700
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 28 August 2014 14:28, Martin Thomson <martin.thomson@gmail.com> wrote: > The other suggestions, less so. Enhancing CSP might be a good idea to > cover this, rather than the sandboxing stuff. I have CSP folks within > spitting distance, so I'll ask. The question of WebRTC as a whole is > probably more interesting in this regard. I had some discussions with the folks who look after CSP here. The feedback I got from them was that CSP is more designed to protect the integrity of a site and less to protect users. We concluded that providing CSP directives that govern the use of user media wasn't interesting enough to do. However, we did identify an issue with WebRTC and CSP that I've followed up on with the webappsec working group.
Received on Friday, 29 August 2014 18:03:52 UTC