- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Sun, 05 Oct 2014 10:24:30 +0200
- To: public-media-capture@w3.org

On 10/04/2014 02:58 PM, Anne van Kesteren wrote:
> On Sat, Oct 4, 2014 at 2:54 PM, Stefan Håkansson LK
> <stefan.lk.hakansson@ericsson.com> wrote:
>> Next part then: should each user agent decide whether or not it follows
>> step four in the algorithm or not, or should it be documented in the gUM
>> document something with the meaning "the UA could decide to not allow
>> file URLs to access gUM in spite of it evaluating as an authenticated
>> origin in [ref to the algorithm]"?
> I would prefer that if there are concerns with file URLs we sort those
> in Mixed Content somehow as this is bigger than just this single
> feature. Unless there are concerns that would be specific to WebRTC?
>
>

The time the discussion about file: URLs came up before was in the context of email attachments; it's apparently not uncommon practice for email clients to store an attachment to a temporary file and call a browser with a file: URL. The concern then was about stored permissions; there should be no way to store permissions for all file: URLs, or pre-authenticate a document for getUserMedia when it might come from an unknown email source - but this is (as I understand it) not an issue because each file: URL is considered to be its own origin.

So I think that the rules for file: work for us, and that we are OK with considering file: URLs "authenticated origins" under the reference mentioned.

--
Surveillance is pervasive. Go Dark.

Received on Sunday, 5 October 2014 08:25:06 UTC