On 04/10/14 14:34, Anne van Kesteren wrote:
> On Sat, Oct 4, 2014 at 1:55 PM, Stefan Håkansson LK
> <stefan.lk.hakansson@ericsson.com> wrote:
>> Is your proposal that gUM should only be possible for authenticated
>> origins as defined in
>> https://w3c.github.io/webappsec/specs/mixedcontent/#is-origin-authenticated?
>>
>> So far I think we've in this work only talked about http and https, and
>> I know that some implementation(s) disallow gUM from file: URLs; but
>> those seem to be authenticated according to the reference.
>>
>> We should probably get a better understanding about what the
>> implications would be of allowing file URL access.
>
> I don't think file URLs should have any bearing on a move to
> authenticated origins. The security implications of file URLs (and in
> fact the workings of file URLs too) have been left up to user agents
> since forever. I'd rather Mixed Content leaves file URLs as an
> exercise to the reader until we better know what we want with them in
> general.

I'm confused. Is your proposal that we reference
https://w3c.github.io/webappsec/specs/mixedcontent/#is-origin-authenticated
and only allow origins that come out as authenticated to access gUM, or
is it something else?

Received on Saturday, 4 October 2014 12:38:56 UTC