
Re: getUserMedia() and authenticated origins #2

From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
Date: Sat, 4 Oct 2014 12:38:30 +0000
To: Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>
CC: "public-media-capture@w3.org" <public-media-capture@w3.org>, Chris Palmer <palmer@google.com>
Message-ID: <1447FA0C20ED5147A1AA0EF02890A64B1D072706@ESESSMB209.ericsson.se>

On 04/10/14 14:34, Anne van Kesteren wrote:
> On Sat, Oct 4, 2014 at 1:55 PM, Stefan Håkansson LK
> <stefan.lk.hakansson@ericsson.com> wrote:
>> Is your proposal that gUM should only be possible for authenticated
>> origins as defined in
>> https://w3c.github.io/webappsec/specs/mixedcontent/#is-origin-authenticated?
>>
>> So far I think we've in this work only talked about http and https, and
>> I know that some implementation(s) disallow gUM from file: URLs; but
>> those seem to be authenticated according to the reference.
>>
>> We should probably get a better understanding about what the
>> implications would be of allowing file URL access.
>
> I don't think file URLs should have any bearing on a move to
> authenticated origins. The security implications of file URLs (and in
> fact the workings of file URLs too) have been left up to user agents
> since forever. I'd rather Mixed Content leaves file URLs as an
> exercise to the reader until we better know what we want with them in
> general.

I'm confused. Is your proposal that we reference 
https://w3c.github.io/webappsec/specs/mixedcontent/#is-origin-authenticated 
and only allow origins that come out as authenticated to access gUM, or 
is it something else?


Received on Saturday, 4 October 2014 12:38:56 UTC
