- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Wed, 3 Dec 2014 12:03:10 +0000
- To: Eric Rescorla <ekr@rtfm.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 02/12/14 22:38, Eric Rescorla wrote: > At TPAC we agreed I would come up with some text to encourage people to > look at authenticated origins for gUM without mandating it. Domenic > contributed some > text in Bugzilla (thanks) and I've modified it some to something I'm > happy with, as > below. PTAL: > > When on an insecure origin, user agents are encouraged wish to warn > about usage of MediaDevices.getUserMedia, navigator.getUserMedia, and > any prefixed variants in their developer tools, error logs, etc. It is > explicitly > permitted for user agents to remove these APIs entirely when on an > insecure origin, as long as they remove all of them at once (e.g., > they should not leave just the prefixed version available on insecure > origins). Looks like a good start to me. Is secure/insecure as defined in [1], or do you see us defining it ourselves ([1] seem pretty unstable)? (and if according to [1], should we bring up the different variants?) [1] http://w3c.github.io/webappsec/specs/mixedcontent/ >
Received on Wednesday, 3 December 2014 12:03:35 UTC