- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Sat, 4 Oct 2014 14:34:34 +0200
- To: Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, Mike West <mkwst@google.com>
- Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>, Chris Palmer <palmer@google.com>
On Sat, Oct 4, 2014 at 1:55 PM, Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com> wrote: > is you proposal that gUM should only be possible for authenticated > origins as defined in > https://w3c.github.io/webappsec/specs/mixedcontent/#is-origin-authenticated? > > So far I think we've in this work only talked about http and https, and > I know that some implementation(s) disallow gUM from file: URLs; but > those seem to be authenticated according to the reference. > > We should probably get a better understanding about what the > implications would be of allowing file URL access. I don't think file URLs should have any baring on a move to authenticated origins. The security implications of file URLs (and in fact the workings of file URLs too) have been left up to user agents since forever. I'd rather Mixed Content leaves file URLs as an exercise to the reader until we better know what we want with them in general. -- https://annevankesteren.nl/
Received on Saturday, 4 October 2014 12:35:02 UTC