I am not OK with this, as described, for three reasons: 1) there is already substantial incentive for apps to use authenticated origins, e.g. persistent permissions in chrome, browsers marking https origins favorably 2) this breaks real, existing applications, e.g. http://webcamtoy.com/ 3) makes trying/experimenting with webrtc difficult, e.g. http://jsfiddle.net, or http://localhost We still want to encourage HTTPS, of course, so I think it would be fine to have console warnings or similar methods of persuasion. On Mon, Oct 6, 2014 at 10:35 PM, Stefan Håkansson LK < stefan.lk.hakansson@ericsson.com> wrote: > Following the recent discussion on the list, the Chairs detect that > there seems to be consensus to move to only allowing authenticated > origins (as defined in [1]) to use getUserMedia (both the callback and > Promise version). > > Please respond by Friday this week (Oct 10th) if you’re OK or Not OK > with this change (silence will be interpreted as being OK with it). > > Harald and Stefan > > [1] > https://w3c.github.io/webappsec/specs/mixedcontent/#is-origin-authenticated > >
Received on Tuesday, 7 October 2014 16:00:10 UTC